Re: Fragments of kernel log text in security run message
On Mon, Aug 18, 2003 at 12:50:19AM -0500, Dan Nelson wrote:

> > I get this as well on RELENG_4...I wish I knew why. Often it causes syslogd to log it at LOG_EMERG priority (=spams every logged in user with the truncated message).
>
> I think this happens after the kernel's message buffer starts rolling over. The very first line in the dmesg output sometimes gets cut in half, so diff prints it as a change block, and the security script prints the add portion. Maybe the check_diff function should remove the first line of the dmesg output before doing the diff?

I guess I'm talking about a different problem, actually (syslogd), although I see the truncated security script mail as well.

Kris
Re: Fragments of kernel log text in security run message
# [EMAIL PROTECTED] / 2003-08-17 23:01:54 -0700:

> On Mon, Aug 18, 2003 at 12:50:19AM -0500, Dan Nelson wrote:
>
> > > I get this as well on RELENG_4...I wish I knew why. Often it causes syslogd to log it at LOG_EMERG priority (=spams every logged in user with the truncated message).
> >
> > I think this happens after the kernel's message buffer starts rolling over. The very first line in the dmesg output sometimes gets cut in half, so diff prints it as a change block, and the security script prints the add portion. Maybe the check_diff function should remove the first line of the dmesg output before doing the diff?
>
> I guess I'm talking about a different problem, actually (syslogd), although I see the truncated security script mail as well.

The oldest security run mail I found this artifact in is dated Fri, 6 Sep 2002 03:01:14 + (GMT):

    ishtar.bellavista.cz kernel log messages: tfix/local[3952]: fatal: open database /etc/aliases.db: No such file or directory

Next day's security run shows I updated the box to 4.7-PRERELEASE on Sep 7, but I don't know what version it was running till then.

Hope this is of *some* help.

--
If you cc me or remove the list(s) completely I'll most likely ignore your message. see http://www.eyrie.org./~eagle/faqs/questions.html
Fragments of kernel log text in security run message
Until recently, my security run messages from Release-4.7 have been reasonably comprehensible. Certain events and changes have been reported, such as login failures and setuid changes, but I could always figure out roughly what was being reported.

Recently, though, I've been seeing small fragments of text in the kernel log portion of that report. This happens almost every day now. Following are a few examples. There is just one fragment per report.

    kq9.net kernel log messages: copeid 0x4
    kq9.net kernel log messages: 8.
    kq9.net kernel log messages: nal_number pid ...
    kq9.net kernel log messages: rved.
    kq9.net kernel log messages: 0/16/63] at ata0-slave WDMA2
    kq9.net kernel log messages: d to support NFS
    kq9.net kernel log messages: /ad0s1a:
    kq9.net kernel log messages: , 4950 blocks, 2.0% fragmentation)
    kq9.net kernel log messages: TEM CLEAN; SKIPPING CHECKS

Each of these messages looks like a valid fragment of a bootup message, but I don't see why I should suddenly be getting these in the security report.

Does anyone know where this stuff might be coming from?

Thank you very much.

Ralph
Re: Fragments of kernel log text in security run message
On Sun, Aug 17, 2003 at 10:39:49PM -0400, Ralph Dratman wrote:

> Recently, though, I've been seeing small fragments of text in the kernel log portion of that report. This happens almost every day now. Following are a few examples. There is just one fragment per report.
>
> kq9.net kernel log messages: copeid 0x4
> kq9.net kernel log messages: 8.

I get this as well on RELENG_4...I wish I knew why. Often it causes syslogd to log it at LOG_EMERG priority (=spams every logged in user with the truncated message).

Kris
Re: Fragments of kernel log text in security run message
In the last episode (Aug 17), Kris Kennaway said:

> On Sun, Aug 17, 2003 at 10:39:49PM -0400, Ralph Dratman wrote:
>
> > Recently, though, I've been seeing small fragments of text in the kernel log portion of that report. This happens almost every day now. Following are a few examples. There is just one fragment per report.
> >
> > kq9.net kernel log messages: copeid 0x4
> > kq9.net kernel log messages: 8.
>
> I get this as well on RELENG_4...I wish I knew why. Often it causes syslogd to log it at LOG_EMERG priority (=spams every logged in user with the truncated message).

I think this happens after the kernel's message buffer starts rolling over. The very first line in the dmesg output sometimes gets cut in half, so diff prints it as a change block, and the security script prints the add portion. Maybe the check_diff function should remove the first line of the dmesg output before doing the diff?

--
Dan Nelson [EMAIL PROTECTED]
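
The effect discussed in this thread, as an added example that is not part of the original messages and is not FreeBSD's security script: two constructed dmesg snapshots are diffed once as they are and once with the first line of each dropped. The function names, file names and snapshot text are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: simulates the ring-buffer truncation described in the thread.
# All snapshot text below is constructed sample data, not real dmesg output.

# Write two constructed dmesg snapshots into directory $1.
# "today" has lost the start of its first line to buffer rollover.
make_snapshots() {
    cat > "$1/yesterday" <<'EOF'
The Regents of the University of California. All rights reserved.
ad1: 19092MB <SAMPLE DISK> [38792/16/63] at ata0-slave WDMA2
Mounting root from ufs:/dev/ad0s1a
EOF
    cat > "$1/today" <<'EOF'
rved.
ad1: 19092MB <SAMPLE DISK> [38792/16/63] at ata0-slave WDMA2
Mounting root from ufs:/dev/ad0s1a
pid 3952 (sample), uid 0: exited on signal 11
EOF
}

# Naive report: print every line that diff marks as added ("> ").
added_lines() {
    diff "$1" "$2" | sed -n 's/^> //p'
}

# Suggested variant: ignore the first (possibly truncated) line of each
# snapshot before diffing. Hypothetical helper, not the real check_diff.
added_lines_skip_first() {
    tail -n +2 "$1" > "$1.trim"
    tail -n +2 "$2" > "$2.trim"
    added_lines "$1.trim" "$2.trim"
    rm -f "$1.trim" "$2.trim"
}

work=$(mktemp -d)
make_snapshots "$work"
echo "naive report:"
added_lines "$work/yesterday" "$work/today"
echo "first line skipped:"
added_lines_skip_first "$work/yesterday" "$work/today"
rm -rf "$work"
```

Rollover discards the oldest bytes, so only the head of the buffer can be cut; the genuinely new last line is still reported in both runs.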