[syslog-ng] Syslog-ng v3.5.3 - Core dump from a certain incoming message?
Clayton Dukes
cdukes at gmail.com
Thu Jul 23 17:33:39 CEST 2015
Has anyone seen this or know what may be causing it? When I run a stack
trace, I can see that this host causes syslog-ng to crash every time it
sends a message
I've run a couple of tcpdumps and it *seems* to be caused by an ARP request
from a Cyclades box. This seems very odd to me of course.
10 130.085308 Cyclades_01:be:4b SuperMic_9a:58:be ARP 60 Who has
x.x.188.52? Tell x.x.188.11
The *only* other packets from that host are repeated so they don't seem to
be the cause:
4 1.000259 x.x.188.11 x.x.188.52 Syslog 257 LOCAL0.NOTICE: Jul 23 11:04:05
src_dev_log at ACS-01 Buffering: S12.Server-Farm-6509-01 [Jul 23 11:04:03.267
EDT: %MCAST-SP-3-QUERY_INT_MISMATCH: Snooping Querier received a
non-matching query interval (125000 msec),]\n
[pid 28379] recvfrom(9, "<133>Jul 23 10:19:58 src_dev_log"..., 8192, 0,
{sa_family=AF_INET, sin_port=htons(3284),
sin_addr=inet_addr("x.x.188.11")}, [16]) = 181
[pid 28379] stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519,
...}) = 0
[pid 28379] mprotect(0x7f956c346000, 12288, PROT_READ|PROT_WRITE) = 0
[pid 28379] write(2, "**\nERROR:../../lib/logmsg.c:535:"..., 114) = 114
[pid 28379] rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
[pid 28379] tgkill(28374, 28379, SIGABRT) = 0
[pid 28379] --- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=28374,
si_uid=0} ---
[pid 28379] +++ killed by SIGABRT (core dumped) +++
[pid 28434] +++ killed by SIGABRT (core dumped) +++
[pid 28428] +++ killed by SIGABRT (core dumped) +++
+++ killed by SIGABRT (core dumped) +++
______________________________________________________________
Clayton Dukes
______________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150723/49457d09/attachment.htm
More information about the syslog-ng
mailing list