Hi,
Today I have noticed a weird entry in my iptables.log:
Aug  1 16:10:49 bluemoon 6>firewall: IN=wlan0 OUT= MAC=00:14:a5:75:28:a6:00:1f:90:56:dd:52:08:00 SRC=129.79.1.88 DST=192.168.1.9 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=64972 PROTO=TCP SPT=993 DPT=33671 WINDOW=1095 RES=0x00 RST URGP=0
A typical one looks like:
Aug  1 15:49:03 bluemoon hald: mounted /dev/sdb on behalf of uid 1000
Aug  1 15:55:49 bluemoon kernel: firewall: IN=wlan0 OUT= MAC=00:14:a5:75:28:a6:00:1f:90:56:dd:52:08:00 SRC=129.79.1.88 DST=192.168.1.9 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=5655 PROTO=TCP SPT=993 DPT=44951 WINDOW=1095 RES=0x00 RST URGP=0
Note the "6>" instead of "kernel: " (bluemoon is the hostname)... I am running kernel 2.6.30.2-1 with iptables 1.4.4-1.
Has anyone seen something like this before?
Thanks in advance,
L.
Last edited by Leonid.I (2009-10-11 21:25:39)
Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd
BTW, I found matching entries in /var/log/user.log (which is a log file for user-initiated events)...
Any thoughts, someone?
Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd
OK, I think I can safely say that it's been figured out. For those who might repeat my mistakes: the reason for corrupted log entries was klogd, which was running alongside syslog-ng. First, it is redundant, as syslog-ng already has a kernel logger. Second, syslog/klogd are known for corrupting logs sometimes, so syslog-ng or rsyslog is a better alternative...
Hope that is useful...
L.
Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd
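Added example (not from the thread or from any of the posters): a small parser that reads iptables LOG lines from a syslog-format file and flags entries whose "kernel: " tag has been replaced by a leaked priority prefix like "6>", the symptom described above. The assumption here is that "6>" is the remnant of the kernel's "<6>" (KERN_INFO) printk level prefix; the sample lines are constructed from the ones quoted in the thread, and the field names are just the standard iptables LOG keys. The point for a defender is that a mangled tag silently drops such lines from anything that greps for "kernel: firewall:", so counting them is a cheap health check on the logging pipeline.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample modelled on the thread: a normal entry, a mangled one
# (assumed leaked "<6>" KERN_INFO prefix with the "<" lost) and an unrelated line.
SAMPLE_LOG = """\
Aug  1 15:49:03 bluemoon kernel: firewall: IN=wlan0 OUT= MAC=00:14:a5:75:28:a6:00:1f:90:56:dd:52:08:00 SRC=129.79.1.88 DST=192.168.1.9 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=5655 PROTO=TCP SPT=993 DPT=44951 WINDOW=1095 RES=0x00 RST URGP=0
Aug  1 16:10:49 bluemoon 6>firewall: IN=wlan0 OUT= MAC=00:14:a5:75:28:a6:00:1f:90:56:dd:52:08:00 SRC=129.79.1.88 DST=192.168.1.9 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=64972 PROTO=TCP SPT=993 DPT=33671 WINDOW=1095 RES=0x00 RST URGP=0
Aug  1 15:49:03 bluemoon hald: mounted /dev/sdb on behalf of uid 1000
"""

# Classic syslog header: "Mon  d HH:MM:SS host <rest>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<rest>.*)$"
)
# Optional leaked printk level ("<6>" or "6>"), then the syslog tag, then the message body.
TAG_RE = re.compile(r"^(?:<?(?P<prio>\d{1,2})>)?(?P<tag>[^\s:]+): ?(?P<body>.*)$")


@dataclass
class Entry:
    timestamp: str
    host: str
    tag: str                  # syslog tag as found, e.g. "kernel" or "firewall"
    priority: Optional[int]   # leaked printk level, None for a well-formed line
    fields: Dict[str, str]    # iptables KEY=value pairs
    flags: List[str]          # bare TCP flag tokens such as RST, SYN, ACK
    malformed: bool           # True when the tag is not the expected "kernel"


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an iptables LOG line, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    t = TAG_RE.match(m["rest"])
    if not t:
        return None
    body = t["body"]
    # Only treat it as a firewall entry if the iptables LOG keys are present.
    if "IN=" not in body or "OUT=" not in body:
        return None
    fields: Dict[str, str] = {}
    flags: List[str] = []
    for tok in body.split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            fields[key] = val
        elif tok.isalpha() and tok.isupper():
            flags.append(tok)  # RST, SYN, ACK, DF ... ("firewall:" is skipped)
    prio = int(t["prio"]) if t["prio"] else None
    return Entry(m["ts"], m["host"], t["tag"], prio, fields, flags, t["tag"] != "kernel")


def parse_log(text: str) -> List[Entry]:
    """Parse every line, keeping only iptables entries (well-formed or mangled)."""
    entries = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            entries.append(e)
    return entries


def summarize(entries: List[Entry]) -> Dict[str, object]:
    """Counts a defender would watch: total entries, mangled ones, distinct sources."""
    return {
        "total": len(entries),
        "malformed": sum(1 for e in entries if e.malformed),
        "sources": sorted({e.fields.get("SRC", "?") for e in entries}),
    }


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in parsed:
        mark = "MANGLED" if e.malformed else "ok"
        print(f"{e.timestamp} {mark:7} tag={e.tag} prio={e.priority} "
              f"{e.fields.get('SRC')}:{e.fields.get('SPT')} -> {e.fields.get('DPT')} {' '.join(e.flags)}")
    print(summarize(parsed))
```

Run it against a real /var/log/iptables.log by replacing SAMPLE_LOG with the file contents; a non-zero "malformed" count after the logger change means the second kernel logger is still feeding syslog.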

Actually I use rsyslogd. You should give it a try.
It's pretty simple and descriptive without showing much info you won't really need (redundant stuff).
If people do not believe that mathematics is simple, it is only because they do not realize how complicated life is.
Simplicity is the ultimate sophistication.