Arch Linux


FS#16087 - Strange behavior of syslog/iptables

Attached to Project: Arch Linux
Opened by Leonid Isaev (lisaev) - Monday, 07 September 2009, 23:00 GMT
Last edited by Andrea Scarpino (BaSh) - Monday, 14 September 2009, 07:32 GMT
Task Type: Bug Report
Category: Packages: Core
Status: Closed
Assigned To: Aaron Griffin (phrakture), Ronald van Haren (pressh)
Architecture: i686
Severity: Medium
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

I have noticed strange log entries in /var/log/iptables.log, which look like this:

Sep 5 19:36:21 svibor >OFGN_TAC: sdpeae n ilb eoe on laeue<>fcntakac= enlprmtrct1n_onrc oueoto r<>yclntntitrn_onrc_ct1t nbei.<4>firewall: IN=eth0 OUT= MAC=00:0f:1f:d4:6e:93:00:d0:05:56:a8:00:08:00 SRC=213.175.204.14 DST=129.79.159.99 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=80 DPT=27237 WINDOW=5840 RES=0x00 ACK SYN URGP=0

while normal ones are

Sep 5 19:48:38 svibor kernel: firewall: IN=eth0 OUT= MAC=00:0f:1f:d4:6e:93:00:d0:05:56:a8:00:08:00 SRC=219.150.172.245 DST=129.79.159.99 LEN=40 TOS=0x00 PREC=0x00 TTL=107 ID=256 PROTO=TCP SPT=6000 DPT=90 WINDOW=16384 RES=0x00 SYN URGP=0

Basically, the word "kernel:" is replaced by some garbage...

The strange thing is that exactly the same entries appear in /var/log/user.log

Can anyone confirm this? I'm not sure if this has something to do with iptables or syslog-ng.

System: kernel is 2.6.30.5, iptables 1.4.4-1 and syslog-ng 3.0.4-1.

Thanks.

Closed by Andrea Scarpino (BaSh)
Monday, 14 September 2009, 07:32 GMT
Reason for closing: Not a bug
Comment by Leonid Isaev (lisaev) - Wednesday, 09 September 2009, 13:46 GMT
Actually, I observed the same behavior while attaching usb devices, sometimes:

messages.log

Sep 8 09:47:51 svibor i: f
Sep 8 09:47:51 svibor 7s: ::::[d]Md es:0 00 0<>d5000 sb suigdiecce rt hog

user.log

Sep 8 09:47:51 svibor i: f
Sep 8 09:47:51 svibor 7s: ::::[d]Md es:0 00 0<>d5000 sb suigdiecce rt hog

kernel.log

Sep 8 09:47:51 svibor kernel: sd 5:0:0:0: Attached scsi generic sg2 type 0
Sep 8 09:47:51 svibor kernel: usb-storage: device scan complete

So it definitely has nothing to do with iptables, but seems to be a bug in syslog-ng.
I wonder, is it Arch Linux related, or should I report it to BalaBit?
Comment by Leonid Isaev (lisaev) - Saturday, 12 September 2009, 17:03 GMT
I have experimented with syslog-ng running in parallel with syslogd/klogd and it seems that this strange behavior of syslog-ng is related to the other loggers, as stopping them also stops the corrupted log entries (at least I have observed none so far)...

There is a mention at balabit.com of a system slowdown if syslog-ng and klogd are running alongside, but nothing about this issue.

If nobody can confirm this bug, I'll request its closure, to avoid bloating of the bug list.

Leonid.
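
A check for the symptom reported in this thread, added here as an example (it is not part of the original report or of any Arch Linux or syslog-ng tooling): it flags log lines whose program tag is malformed, that carry netfilter LOG payload without the "kernel:" tag, or that contain a stray kernel priority marker such as "<4>". The regexes, function names and reason strings are assumptions made for illustration; the sample lines are copied from the report.

```python
import re

# File format written by syslog daemons: "Mon D HH:MM:SS host tag: message"
LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(.*)$")
# Well-formed program tag: name, optional [pid], colon, space
TAG = re.compile(r"^([A-Za-z0-9_./-]+)(\[\d+\])?: ")
# Kernel priority prefix ("<4>", or the emptied "<>" seen in the report) inside
# the text. Heuristic: "=<>" is skipped because mail logs contain "from=<>".
RAW_PRIO = re.compile(r"(?<!=)<[0-7]?>")
# Payload written by the netfilter LOG target
NETFILTER = re.compile(r"\bIN=\S* OUT=\S* .*\bSRC=\S+ DST=\S+")

def check_line(line):
    """Return the reasons a line looks corrupted (empty list if none)."""
    m = LINE.match(line)
    if not m:
        return ["not a syslog line"]
    rest = m.group(1)
    tag = TAG.match(rest)
    reasons = []
    if not tag:
        reasons.append("malformed program tag")
    if NETFILTER.search(rest) and not (tag and tag.group(1) == "kernel"):
        reasons.append("netfilter payload without kernel tag")
    if RAW_PRIO.search(rest):
        reasons.append("raw kernel priority marker")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every suspicious line."""
    checked = ((n, check_line(ln.rstrip("\n"))) for n, ln in enumerate(lines, 1))
    return [(n, r) for n, r in checked if r]

# Sample input: lines copied from the report above
SAMPLE = [
    "Sep 5 19:36:21 svibor >OFGN_TAC: sdpeae n ilb eoe on laeue<>fcntakac= enlprmtrct1n_onrc "
    "oueoto r<>yclntntitrn_onrc_ct1t nbei.<4>firewall: IN=eth0 OUT= MAC=00:0f:1f:d4:6e:93:00:d0:05:56:a8:00:08:00 "
    "SRC=213.175.204.14 DST=129.79.159.99 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=80 DPT=27237 WINDOW=5840 RES=0x00 ACK SYN URGP=0",
    "Sep 5 19:48:38 svibor kernel: firewall: IN=eth0 OUT= MAC=00:0f:1f:d4:6e:93:00:d0:05:56:a8:00:08:00 "
    "SRC=219.150.172.245 DST=129.79.159.99 LEN=40 TOS=0x00 PREC=0x00 TTL=107 ID=256 PROTO=TCP SPT=6000 DPT=90 WINDOW=16384 RES=0x00 SYN URGP=0",
    "Sep 8 09:47:51 svibor i: f",
    "Sep 8 09:47:51 svibor 7s: ::::[d]Md es:0 00 0<>d5000 sb suigdiecce rt hog",
    "Sep 8 09:47:51 svibor kernel: usb-storage: device scan complete",
]

if __name__ == "__main__":
    for n, reasons in scan(SAMPLE):
        print(f"line {n}: {', '.join(reasons)}")
```

Very short fragments such as "i: f" carry none of these markers and pass unflagged, so a clean result does not prove the file is intact.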
