Good $daytime,
Anybody seen this: garbled packet log lines in syslog files?
Setup
Machine: (stock) RedHat 7.1 with (stock) kernel 2.4.3-12 and (stock)
klogd 1.4-0
Loghost: (stock) RedHat 6.1 with (stock) syslogd 1.3-3
Both machine and loghost are i686 > 500MHz, on a switched 100Base-TX LAN.
ipchains were set up on machine, with packet logging turned on. Then,
`nmap -sS` (TCP SYN scan) is run against it. This yields about 2000
syslog messages in 5 seconds.
Symptom
Several lines in /var/log/messages seem to overlap each other.
1. The problem manifests itself also on loghost, to a lesser extent.
2. Overlapping items are not the same. This probably points to the
client {sys,k}logd side as error source.
Any ideas? Thanks in advance.
P.S. real IP values are obfuscated, for obvious reasons.
Regards,
Willy.
--
No easy hope or lies        | Vitaly "Willy the Pooh" Fedrushkov
Shall bring us to our goal, | Control Systems and Processes Division
But iron sacrifice          | LUKOIL Company, Chelyabinsk Branch
Of Body, Will and Soul.     | willy@lukoil.uu.ru  +7 3512 620367
                  R.Kipling | VVF1-RIPE
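
A way to measure the symptom described above, added here as an example and not part of the original post: a checker that flags overlapping, truncated, or orphaned ipchains packet-log lines in a syslog file. It assumes the line layout documented in the IPCHAINS-HOWTO (with the trailing `SYN` and rule-number tokens treated as optional); the sample lines are constructed with documentation addresses, and the names `classify` and `scan` are hypothetical.

```python
import re
from collections import Counter

MARK = "Packet log:"
# Assumed layout: the ipchains log line as documented in the IPCHAINS-HOWTO;
# the trailing " SYN" and " (#rule)" tokens are treated as optional (assumption).
RECORD = re.compile(
    r"Packet log: \S+ \S+ \S+ PROTO=\d+ "
    r"(?:\d{1,3}\.){3}\d{1,3}:\d+ (?:\d{1,3}\.){3}\d{1,3}:\d+ "
    r"L=\d+ S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ T=\d+"
    r"(?: SYN)?(?: \(#\d+\))?\s*$"
)
# Tail fields of a record that lost its "Packet log:" prefix.
TAIL = re.compile(r"\b[LSIFT]=(?:0x)?[0-9A-Fa-f]+")

# Constructed sample (not taken from the post): one intact record, one with a
# second record spliced into it, one cut short, its orphaned tail, one other line.
SAMPLE = """\
Aug 20 14:01:02 machine kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:40001 192.0.2.20:22 L=40 S=0x00 I=4211 F=0x0000 T=52 SYN (#3)
Aug 20 14:01:02 machine kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:40001 192.0.2.20:Packet log: input DENY eth0 PROTO=6 192.0.2.10:40001 192.0.2.20:80 L=40 S=0x00 I=4212 F=0x0000 T=52 SYN (#3)
Aug 20 14:01:02 machine kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:40001 192.0.2.20:25 L=40 S=0x
Aug 20 14:01:02 machine kernel: 00 I=4213 F=0x0000 T=52 SYN (#3)
Aug 20 14:01:03 machine sshd[412]: Connection closed
"""

def classify(line):
    """Return 'ok', 'overlap', 'truncated', 'fragment' or 'other' for one line."""
    count = line.count(MARK)
    if count > 1:
        return "overlap"        # two records merged into one syslog line
    if count == 1:
        return "ok" if RECORD.search(line) else "truncated"
    if "kernel:" in line and TAIL.search(line):
        return "fragment"       # record tail without its prefix
    return "other"              # not a packet-log line at all

def scan(lines):
    """Return (line_number, verdict) for every damaged packet-log line."""
    bad = []
    for number, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict not in ("ok", "other"):
            bad.append((number, verdict))
    return bad

if __name__ == "__main__":
    findings = scan(SAMPLE.splitlines())
    for number, verdict in findings:
        print(f"line {number}: {verdict}")
    print(dict(Counter(verdict for _, verdict in findings)))
```

Running the same scan over the copies of `/var/log/messages` on machine and on loghost gives comparable damage counts for the two sides.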
This archive was generated by hypermail 2.1.2 : Mon Aug 20 2001 - 15:12:29 CEST