Date: Mon, 18 Aug 2003 00:50:19 -0500
From: Dan Nelson <dnelson@allantgroup.com>
To: Kris Kennaway <kris@obsecurity.org>
Cc: Ralph Dratman <ralph@maxsoft.com>
Subject: Re: Fragments of kernel log text in "security run" message
Message-ID: <20030818055019.GF2653@dan.emsphone.com>
In-Reply-To: <20030818052132.GA70374@rot13.obsecurity.org>
References: <v04210101bb65e6df4e60@[192.168.1.27]> <20030818052132.GA70374@rot13.obsecurity.org>

In the last episode (Aug 17), Kris Kennaway said:
> On Sun, Aug 17, 2003 at 10:39:49PM -0400, Ralph Dratman wrote:
>
> > Recently, though, I've been seeing small fragments of text in the
> > "kernel log" portion of that report. This happens almost every day
> > now. Following are a few examples. There is just one fragment per
> > report.
> > ---------------------------------
> > kq9.net kernel log messages:
> > >copeid 0x4
> >
> > kq9.net kernel log messages:
> > >8>.
>
> I get this as well on RELENG_4...I wish I knew why. Often it causes
> syslogd to log it at LOG_EMERG priority (=spams every logged in user
> with the truncated message).

I think this happens after the kernel's message buffer starts rolling
over. The very first line in the dmesg output sometimes gets cut in
half, so diff prints it as a change block, and the security script
prints the "add" portion. Maybe the check_diff function should remove
the first line of the dmesg output before doing the diff?

--
Dan Nelson
dnelson@allantgroup.com
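
The rollover effect described in the message above, as an added example (not part of the original e-mail and not the FreeBSD security script's own code). The kernel messages, the 59-byte buffer size and the function names `snapshot` and `added_lines` are constructed for illustration.

```shell
#!/bin/sh
# Constructed kernel messages (sample data, not from a real host).
OLD_MSGS='em0: link state changed to UP
lo0: inet6 fe80::1 scopeid 0x4
ad0: disk attached
'
NEW_MSG='arp: new entry (constructed)
'
BUF=59   # hypothetical message-buffer size in bytes, small so it wraps

# snapshot TEXT: what dmesg would show once the ring buffer holds only
# the newest $BUF bytes; the cut can land in the middle of a line.
snapshot() { printf '%s' "$1" | tail -c "$BUF"; }

# added_lines OLD NEW [skip]: print the "add" (>) half of diff OLD NEW.
# With a third argument, line 1 of each snapshot is dropped first,
# which is the change proposed in the message.
added_lines() {
    a=$(mktemp)
    b=$(mktemp)
    if [ -n "${3:-}" ]; then
        printf '%s\n' "$1" | sed 1d > "$a"
        printf '%s\n' "$2" | sed 1d > "$b"
    else
        printf '%s\n' "$1" > "$a"
        printf '%s\n' "$2" > "$b"
    fi
    # diff exits 1 when the files differ; that is expected here.
    { diff "$a" "$b" || true; } | sed -n 's/^> //p'
    rm -f "$a" "$b"
}

# Yesterday's and today's snapshots of the same wrapped buffer.
yesterday=$(snapshot "$OLD_MSGS")
today=$(snapshot "$OLD_MSGS$NEW_MSG")

echo "plain diff reports as new:"
added_lines "$yesterday" "$today"          # fragment plus the real new line
echo "with first line dropped:"
added_lines "$yesterday" "$today" skip     # only the real new line
```

When the buffer has not wrapped, the first line is identical in both snapshots, so dropping it does not change what the diff reports.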