Date:      Wed, 13 Oct 2010 11:55:19 +0200
From:      Luigi Rizzo <rizzo@iet.unipi.it>
To:        Jeremy Chadwick <freebsd@jdc.parodius.com>
Cc:        Marcin <nickson@interia.pl>, freebsd-stable@freebsd.org
Subject:   Re: Problem with security log
Message-ID:  <AANLkTin9MZpQniOogFhQFUKGRtgyk9xv7afrfWrDu_Me@mail.gmail.com>
In-Reply-To: <20101013092345.GA54174@icarus.home.lan>
References:  <AANLkTimy6anK4VGnUzhw=YyiNrKjki-H8qruvh4Dfq%2BT@mail.gmail.com> <20101013081758.GA52870@icarus.home.lan> <AANLkTikngP9Gdx_5-r2eVU8va-UExFmL8mG42nTWP4jG@mail.gmail.com> <20101013092345.GA54174@icarus.home.lan>

On Wed, Oct 13, 2010 at 11:23 AM, Jeremy Chadwick
<freebsd@jdc.parodius.com> wrote:
> On Wed, Oct 13, 2010 at 11:03:36AM +0200, Marcin wrote:
>> 2010/10/13 Jeremy Chadwick <freebsd@jdc.parodius.com>:
>> > On Tue, Oct 12, 2010 at 10:50:28PM +0200, Marcin wrote:
>> >> Hi folks,
>> >>
>> >> For some time, illegible entries have been appearing in the file /var/log/security:
>> >> kernel: ipfw: 200 Deny UDiPp f1w9:2 .168.10.5:5230503 D22e4n.y0
>> >> .U0D.P25 1:15923.5136 o8.u10t. 5va5 3r5e03 224.0.0.251:5353 in via re0
>> >>
>> >> How to get rid of it? Please help...
>> >
>> > There isn't a 100% reliable way to get rid of this problem.  I've been
>> > harping about this for years (sorry to sound like a jerk, but this
>> > really is a major problem that keeps coming up and annoys users/admins
>> > to no end.  There are solutions -- Linux solved it by implementing a
>> > lockless circular ring buffer[1] used by kmsg).
>> >
>> > The """workaround""" -- which again, does not solve the problem, only
>> > decreases the regularity of it happening (and when it does happen, can
>> > sometimes decrease how much interspersed output there is) -- is to add
>> > the following line to your kernel config and rebuild/reinstall your
>> > kernel:
>> >
>> > options         PRINTF_BUFR_SIZE=128    # Prevent printf output being interspersed.
>> >
>> > This option became part of the GENERIC kernel configuration file at the
>> > following times:
>> >
>> > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/amd64/conf/GENERIC#rev1.529
>> > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/i386/conf/GENERIC#rev1.517
>> >
>> > Depending on what release/tag you follow, you may or may not find the
>> > above commit/change in your GENERIC file.  I can't be bothered to track
>> > down what time the CVS tagging was done, for multiple architectures,
>> > etc...
>> >
>> > [1]: http://www.mjmwired.net/kernel/Documentation/trace/ring-buffer-design.txt
>>
>> Hi Jeremy,
>> I have compiled the kernel with this option and unfortunately the problem still exists...
>> Do you have another idea how I can improve my log file? :)
>
> I was incorrect in my understanding/prognosis, so as Andriy pointed out,
> the option won't solve your problem.
>
> It sounds like the only way to solve this issue is to improve/fix the
> msgbuf code.  Alternatively, you could consider moving from ipfw to
> pf(4) and use pflog(4) / pflogd(8).

or you can use the log option of ipfw and run tcpdump on the "ipfw0"
pseudo interface which will give you all the traffic that matches a
'log' rule (there is a sysctl variable that controls whether log goes
to syslog or to the ipfw pseudo interface)

cheers
luigi
> --
> | Jeremy Chadwick                                   jdc@parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |
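A triage check for the interleaved entries discussed in this thread, as an added example that is not part of the original messages or of FreeBSD: it separates /var/log/security lines that parse as a complete ipfw entry from lines that should not be trusted as evidence. It assumes IPv4 TCP/UDP entries in the layout quoted above; the function names, timestamps and hostname are constructed.

```python
import ipaddress
import re

# Well-formed IPv4 TCP/UDP message (assumed scope: no ICMP/IPv6; ifname = driver + unit):
#   ipfw: <rule> <action> <proto> <src>:<port> <dst>:<port> <in|out> via <ifname>
MSG = re.compile(
    r"ipfw: (?P<rule>\d{1,5}) (?P<action>[A-Za-z]+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<ifname>[a-z]+\d+)"
)


def parse_entry(line):
    """Return the fields of a well-formed entry, or None if it looks damaged."""
    _, sep, msg = line.rstrip().partition("kernel: ")
    # fullmatch, not search: a second "ipfw:" spliced into the line must not pass.
    m = MSG.fullmatch(msg) if sep else None
    if m is None:
        return None
    f = m.groupdict()
    try:
        ipaddress.IPv4Address(f["src"])
        ipaddress.IPv4Address(f["dst"])
    except ValueError:
        return None
    if any(int(f[k]) > 65535 for k in ("rule", "sport", "dport")):
        return None
    return f


def triage(lines):
    """Split kernel log lines into (parsed entries, suspect raw lines)."""
    good, suspect = [], []
    for line in lines:
        if "kernel: " not in line:
            continue  # not a kernel message, e.g. syslog's "last message repeated"
        entry = parse_entry(line)
        if entry is None:
            suspect.append(line.rstrip())
        else:
            good.append(entry)
    return good, suspect


# Constructed sample (made-up timestamps/host); entry 2 is the thread's garbled line, joined.
SAMPLE = [
    "Oct 12 22:50:27 gw kernel: ipfw: 200 Deny UDP 192.168.10.5:5353 224.0.0.251:5353 in via re0",
    "Oct 12 22:50:28 gw kernel: ipfw: 200 Deny UDiPp f1w9:2 .168.10.5:5230503 D22e4n.y0 .U0D.P25 1:15923.5136 o8.u10t. 5va5 3r5e03 224.0.0.251:5353 in via re0",
    "Oct 12 22:50:29 gw kernel: ipfw: 200 Deny UDipfw: 200 Deny UDP 192.168.10.5:5353 224.0.0.251:5353 in via re0",
]
```

Lines returned in the suspect list are worth counting over time: a rising share means the log is losing entries to interleaving and another capture path is needed for reliable records.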