Strange ipfw messages in /var/log/messages

[George Georgalis]

On Sun, Aug 15, 2004 at 03:40:24AM +0200, Sascha Wildner wrote:
>Hi folks,
>
>from time to time I get strange fragments of ipfw messages in 
>/var/log/messages instead of /var/log/security. It looks like this:
>
>Aug 12 19:35:26 <kern.crit> yoyodyne /kernel: 28172 in via tun0
>Aug 12 19:35:29 <kern.crit> yoyodyne /kernel: in via tun0
>Aug 13 09:39:36 <kern.crit> yoyodyne /kernel: .36:27325 in via tun0
>Aug 14 03:26:41 <user.err> yoyodyne /kernel: TCP 193.163.220.4:6517 
>81.173.173.183:31363 in via tun0
>Aug 14 03:26:43 <kern.crit> yoyodyne /kernel: .220.4:36736 
>81.173.173.183:55412 in via tun0
>Aug 14 03:26:46 <kern.crit> yoyodyne /kernel: 0.4:23997 
>81.173.173.183:35253 in via tun0
>Aug 14 03:26:50 <kern.crit> yoyodyne /kernel: 2 81.173.173.183:6786 in 
>via tun0
>Aug 14 07:44:40 <kern.crit> yoyodyne /kernel: in via tun0
>Aug 14 21:47:55 <kern.err> yoyodyne /kernel: .220.4:35890 
>213.196.245.18:43256 in via tun0
>Aug 14 21:47:58 <kern.crit> yoyodyne /kernel: .4:25600 
>213.196.245.18:55412 in via tun0
>Aug 14 21:48:01 <kern.emerg> yoyodyne /kernel: .4:39206 
>213.196.245.18:5490 in via tun0
>
>Also note facility and level (normally it's security.info).
>

syslog is notorious for dropping entries when it's overloaded, but this
looks like the head of entries have been cut off. If your system is
loaded, have you tried another logger?

I've been very happy with socklog [1] under daemontools [2]. SuperScript
ucspi-ipc [3] may also be of interest, but I've not tried it.

// George

[1] http://smarden.org/socklog/
[2] http://cr.yp.to/daemontools.html
[3] http://www.superscript.com/ucspi-ipc/intro.html


-- 
George Georgalis, Architect and administrator, Linux services. IXOYE
http://galis.org/george/  cell:646-331-2027  mailto:george at xxxxxxxxx
Key fingerprint = 5415 2738 61CF 6AE1 E9A7  9EF0 0186 503B 9831 1631