Strange ipfw messages in /var/log/messages
Sascha Wildner
saw at online.de
Sun Aug 15 15:37:22 PDT 2004
Matthew Dillon wrote:
I have no idea ... it kinda looks like ipfw is trying to log
something but it's virtually unreadable. Are you loading ipfw
as a module? Maybe the module is out of date with the kernel.
No, IPFIREWALL and IPFIREWALL_VERBOSE are compiled into the kernel.
kernel, modules and world were recompiled just a few days ago.
I am guessing you have 'log' directives in your ipfw.conf
somewhere and that the log messages are related to those
directives.
I do have 'log' directives in my ipfw.conf and 99.9% of the time
filtered packets are logged correctly to /var/log/security but somehow a
few of them are trashed and have the wrong syslog facilities and levels
(e.g., kern.crit or user.err instead of the normal security.info). Hence
the wrong log file (/var/log/messages instead of /var/log/security).
I have the feeling that the same thing that's trashing the log messages
is also responsible for the (seemingly) random assignment of syslog
facility and level. Maybe some sort of overrun? There was pretty much
firewall activity at some of the times where the misdirected logs
occured. The machine is a 400MHz PII.
Regards,
Sascha
--
http://yoyodyne.ath.cx
More information about the Bugs
mailing list