Re: syslogd: using IPv6 as hostnames results in "IP mismatch"
Hi,

> On Thu, 31 Jan 2019 08:24:38 +0100
> "O. Hartmann" said:

ohartmann> validate: dgram from IP ffdff:dead:beef::, port 514, name \
ohartmann> fdff:dead:beef::;
ohartmann> rejected in rule 1 due to IP mismatch.

The -a option was broken. It should be fixed now. Please, try it.

Sincerely,

--
Hajimu UMEMOTO
u...@mahoroba.org u...@freebsd.org
http://www.mahoroba.org/~ume/
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: syslogd 100% cpu usage on recent FreeBSD version
On 12/24/16 13:50, Ngie Cooper (yaneurabeya) wrote:
>> On Dec 24, 2016, at 04:14, Subbsd wrote:
>>
>> Probably after https://svnweb.freebsd.org/base?view=revision=310494,
>> syslogd eat 100% cpu with follow messages:
>>
>> Dec 24 14:19:15 samson syslogd: select: Bad file descriptor
>> Dec 24 14:19:45 samson last message repeated 464140 times
>> Dec 24 14:20:38 samson last message repeated 835899 times
>
> Fixed in r310504.

Thanks to you!

--
Guido Falsi
Re: syslogd: select: Bad File descriptor
> On 24 Dec 2016, at 2:51 PM, Ngie Cooper (yaneurabeya) wrote:
>
>> On Dec 24, 2016, at 04:16, Daniel Braniss wrote:
>>
>> latest changes is causing cpu load and ‘last message repeated
>> times, I guess the eggnog is affecting too early
>
> Fixed in r310504.
> Thanks,
> -Ngie

thanks!
Season Greetings,
danny
Re: syslogd: select: Bad File descriptor
> On Dec 24, 2016, at 04:16, Daniel Braniss wrote:
>
> latest changes is causing cpu load and ‘last message repeated times,
> I guess the eggnog is affecting too early

Fixed in r310504.
Thanks,
-Ngie
Re: syslogd 100% cpu usage on recent FreeBSD version
On 12/24/16 13:14, Subbsd wrote:
> Probably after https://svnweb.freebsd.org/base?view=revision=310494,
> syslogd eat 100% cpu with follow messages:
>
> Dec 24 14:19:15 samson syslogd: select: Bad file descriptor
> Dec 24 14:19:45 samson last message repeated 464140 times
> Dec 24 14:20:38 samson last message repeated 835899 times

I'm seeing this too. just upgraded one machine to r310496.

--
Guido Falsi
Re: syslogd 100% cpu usage on recent FreeBSD version
> On Dec 24, 2016, at 04:14, Subbsd wrote:
>
> Probably after https://svnweb.freebsd.org/base?view=revision=310494,
> syslogd eat 100% cpu with follow messages:
>
> Dec 24 14:19:15 samson syslogd: select: Bad file descriptor
> Dec 24 14:19:45 samson last message repeated 464140 times
> Dec 24 14:20:38 samson last message repeated 835899 times

Fixed in r310504.
Thanks,
-Ngie
Re: syslogd no longer listens (or sends) on a network socket
On 12/19/16 22:42, Hiroki Sato wrote:
> Michael Butler wrote:
>
> im> On 12/19/16 12:12, Hiroki Sato wrote:
> im> > Michael Butler wrote:
> im> >
> im> > im> It appears that SVN r309925 and onward no longer opens a network
> im> > im> socket unless the command-line explicitly contains "-b :syslog" :-(
> im> > im>
> im> > im> This also stops one syslog daemon forwarding to another (which is why
> im> > im> I noticed).
> im> > im>
> im> > im> Was this an intentional behaviour change?
> im> >
> im> > Sorry, it was broken due to another mismerge at r309933. I fixed it
> im> > at r310278. Can you try the latest one and let me know if the
> im> > problem still persists or not?
> im>
> im> No, it does not. "netstat -an -finet | grep 514" shows that it doesn't
> im> listen on a UDP socket without adding "-b :syslog" to syslogd_flags in
> im> /etc/rc.conf,
>
> Thank you for the report. I misunderstood what was wrong and fixed
> it just now. Please try r310310.

That works - thanks! :-)

Michael
Re: syslogd no longer listens (or sends) on a network socket
Michael Butler wrote:

im> On 12/19/16 12:12, Hiroki Sato wrote:
im> > Michael Butler wrote:
im> >
im> > im> It appears that SVN r309925 and onward no longer opens a network
im> > im> socket unless the command-line explicitly contains "-b :syslog" :-(
im> > im>
im> > im> This also stops one syslog daemon forwarding to another (which is why
im> > im> I noticed).
im> > im>
im> > im> Was this an intentional behaviour change?
im> >
im> > Sorry, it was broken due to another mismerge at r309933. I fixed it
im> > at r310278. Can you try the latest one and let me know if the
im> > problem still persists or not?
im>
im> No, it does not. "netstat -an -finet | grep 514" shows that it doesn't
im> listen on a UDP socket without adding "-b :syslog" to syslogd_flags in
im> /etc/rc.conf,

Thank you for the report. I misunderstood what was wrong and fixed
it just now. Please try r310310.

-- Hiroki
Re: syslogd no longer listens (or sends) on a network socket
On 12/19/16 12:12, Hiroki Sato wrote:
> Michael Butler wrote:
>
> im> It appears that SVN r309925 and onward no longer opens a network
> im> socket unless the command-line explicitly contains "-b :syslog" :-(
> im>
> im> This also stops one syslog daemon forwarding to another (which is why
> im> I noticed).
> im>
> im> Was this an intentional behaviour change?
>
> Sorry, it was broken due to another mismerge at r309933. I fixed it
> at r310278. Can you try the latest one and let me know if the
> problem still persists or not?

No, it does not. "netstat -an -finet | grep 514" shows that it doesn't
listen on a UDP socket without adding "-b :syslog" to syslogd_flags in
/etc/rc.conf,

Michael
Re: syslogd no longer listens (or sends) on a network socket
Michael Butler wrote:

im> It appears that SVN r309925 and onward no longer opens a network
im> socket unless the command-line explicitly contains "-b :syslog" :-(
im>
im> This also stops one syslog daemon forwarding to another (which is why
im> I noticed).
im>
im> Was this an intentional behaviour change?

Sorry, it was broken due to another mismerge at r309933. I fixed it
at r310278. Can you try the latest one and let me know if the
problem still persists or not?

-- Hiroki
Re: syslogd: Remote Logging busted?
On Fri, Oct 28, 2011 at 7:22 PM, Larry Rosenman l...@lerctr.org wrote:
> I enabled remote logging for my home subnet, and syslogd doesn't seem(!)
> to be logging the messages. They ARE making it to the system.
>
> Can someone look at bin/162135 which has all the details, including
> tcpdump to show that the messages are making it to the system.

Just to be clear, you are running tcpdump on borg, right? The statement
"This is from my Cable Modem:" confuses me a bit.

Assuming tcpdump is on borg, it is making past any firewall (pf or
ipfw, at least). What about /etc/hosts.allow? I don't recall if it
filters before or after pcap see packets. I used to have a diagram
showing the sequence of processing this, but I can't seem to find it now.

What does netstat -af inet | grep syslog show? Is syslogd actually listening?
--
R. Kevin Oberman, Network Engineer
E-mail: kob6...@gmail.com
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: syslogd: Remote Logging busted?
On Fri, 28 Oct 2011, Kevin Oberman wrote: On Fri, Oct 28, 2011 at 7:22 PM, Larry Rosenman l...@lerctr.org wrote: I enabled remote logging for my home subnet, and syslogd doesn't seem(!) to be logging the messages. They ARE making it to the system. Can someone look at bin/162135 which has all the details, including tcpdump to show that the messages are making it to the system. Just to be clear, you are running tcpdump on borg, right? The statement This is from my Cable Modem: confuses me a bit. Yes, the tcpdump is running on borg, and the source of the syslog packets is from my Cable Modem at 192.168.200.10. /etc/hosts.allow: # # hosts.allow access control file for tcp wrapped applications. # $FreeBSD: src/etc/hosts.allow,v 1.23 2006/08/29 09:20:48 ru Exp $ # # NOTE: The hosts.deny file is deprecated. # Place both 'allow' and 'deny' rules in the hosts.allow file. # See hosts_options(5) for the format of this file. # hosts_access(5) no longer fully applies. #_ _ _ # | | __ __ __ _ _ __ ____ __ | | ___ | | # | _| \ \/ / / _` | | '_ ` _ \ | '_ \ | | / _ \ | | # | |___ | (_| | | | | | | | | |_) | | | | __/ |_| # |_| /_/\_\ \__,_| |_| |_| |_| | .__/ |_| \___| (_) # |_| # !!! This is an example! You will need to modify it for your specific # !!! requirements! # Start by allowing everything (this prevents the rest of the file # from working, so remove it when you need protection). # The rules here work on a First match wins basis. #ALL : ALL : allow # Wrapping sshd(8) is not normally a good idea, but if you # need to do it, here's how #sshd : .evil.cracker.example.com : deny # Protect against simple DNS spoofing attacks by checking that the # forward and reverse records for the remote host match. If a mismatch # occurs, access is denied, and any positive ident response within # 20 seconds is logged. No protection is afforded against DNS poisoning, # IP spoofing or more complicated attacks. Hosts with no reverse DNS # pass this rule. 
ALL : PARANOID : RFC931 20 : deny # Allow anything from localhost. Note that an IP address (not a host # name) *MUST* be specified for rpcbind(8). ALL : localhost 127.0.0.1 : allow # Comment out next line if you build libwrap without IPv6 support. ALL : [::1] : allow #ALL : my.machine.example.com 192.0.2.35 : allow # To use IPv6 addresses you must enclose them in []'s #ALL : [fe80::%fxp0]/10 : allow #ALL : [fe80::]/10 : deny #ALL : [2001:db8:2:1:2:3:4:3fe1] : deny #ALL : [2001:db8:2:1::]/64 : allow # Sendmail can help protect you against spammers and relay-rapers #sendmail : localhost : allow #sendmail : .nice.guy.example.com : allow #sendmail : .evil.cracker.example.com : deny #sendmail : ALL : allow # Exim is an alternative to sendmail, available in the ports tree exim : localhost : allow #exim : .nice.guy.example.com : allow #exim : .evil.cracker.example.com : deny exim : ALL : allow # Rpcbind is used for all RPC services; protect your NFS! # (IP addresses rather than hostnames *MUST* be used here) #rpcbind : 192.0.2.32/255.255.255.224 : allow #rpcbind : 192.0.2.96/255.255.255.224 : allow rpcbind : ALL : deny # NIS master server. Only local nets should have access # (Since this is an RPC service, rpcbind needs to be considered) ypserv : localhost : allow #ypserv : .unsafe.my.net.example.com : deny #ypserv : .my.net.example.com : allow ypserv : ALL : deny # Provide a small amount of protection for ftpd ftpd : localhost : allow #ftpd : .nice.guy.example.com : allow #ftpd : .evil.cracker.example.com : deny ftpd : ALL : allow # You need to be clever with finger; do _not_ backfinger!! You can easily # start a finger war. fingerd : ALL \ : spawn (echo Finger. | \ /usr/bin/mail -s tcpd\: %u@%h[%a] fingered me! root) \ : deny # The rest of the daemons are protected. #ALL : ALL \ # : severity auth.info \ # : twist /bin/echo You are not welcome to use %d from %h. 
Re: syslogd: Remote Logging busted?
On Fri, Oct 28, 2011 at 8:37 PM, Larry Rosenman l...@lerctr.org wrote:
> On Fri, 28 Oct 2011, Kevin Oberman wrote:
>
>> On Fri, Oct 28, 2011 at 7:22 PM, Larry Rosenman l...@lerctr.org wrote:
>>> I enabled remote logging for my home subnet, and syslogd doesn't seem(!)
>>> to be logging the messages. They ARE making it to the system.
>>>
>>> Can someone look at bin/162135 which has all the details, including
>>> tcpdump to show that the messages are making it to the system.
>>
>> Just to be clear, you are running tcpdump on borg, right? The statement
>> "This is from my Cable Modem:" confuses me a bit.
>
> Yes, the tcpdump is running on borg, and the source of the syslog packets
> is from my Cable Modem at 192.168.200.10.
>
> /etc/hosts.allow:

[Comments elided]

> ALL : PARANOID : RFC931 20 : deny
> ALL : localhost 127.0.0.1 : allow
> ALL : [::1] : allow
> exim : localhost : allow
> exim : ALL : allow
> rpcbind : ALL : deny
> ypserv : localhost : allow
> ypserv : ALL : deny
> ftpd : localhost : allow
> ftpd : ALL : allow
> fingerd : ALL \
>     : spawn (echo Finger. | \
>     /usr/bin/mail -s tcpd\: %u@%h[%a] fingered me! root) \
>     : deny

Several superfluous rules, but I can't see anything that would block 514.

>> Assuming tcpdump is on borg, it is making past any firewall (pf or
>> ipfw, at least). What about /etc/hosts.allow? I don't recall if it
>> filters before or after pcap see packets. I used to have a diagram
>> showing the sequence of processing this, but I can't seem to find it now.
>>
>> What does netstat -af inet | grep syslog show? Is syslogd actually
>> listening?
>
> the netstat output:
> udp4 0 0 *.syslog *.*
>
> and sockstat | grep syslog:
> root syslogd 65128 4 dgram /var/run/log
> root syslogd 65128 5 dgram /var/run/logpriv
> root syslogd 65128 6 udp6 *:514 *:*
> root syslogd 65128 7 udp4 *:514 *:*

OK. I'm baffled! I can't see anything that looks wrong, but I'll think
about it a bit more.
--
R. Kevin Oberman, Network Engineer
E-mail: kob6...@gmail.com
Re: syslogd: Remote Logging busted?
On Fri, 28 Oct 2011, Kevin Oberman wrote:
> OK. I'm baffled! I can't see anything that looks wrong, but I'll think
> about it a bit more.

See my reply to Stas (cc'd to you). The issue is the damn cable modem is
sending the packets from random source PORTS, so the -a entry needed a
:* after the /24 to allow that.

Now we're getting the log entries.

--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 512-248-2683 E-Mail: l...@lerctr.org
US Mail: 430 Valona Loop, Round Rock, TX 78681-3893
Re: syslogd: Too many '/' in /dev//console
On Wed, Sep 05, 2001 at 09:52:34AM +0300, Giorgos Keramidas wrote:
> I have it fixed now in my local CVS tree.
> Hopefully Kris will commit something to fix it soon :-)

I fixed this a couple of hours ago.

Kris
Re: syslogd: Too many '/' in /dev//console
From: Mike Heffner [EMAIL PROTECTED]
Subject: Re: syslogd: Too many '/' in /dev//console
Date: Tue, Sep 04, 2001 at 07:55:33PM -0400

> On 04-Sep-2001 Giorgos Keramidas wrote:
> |
> | The following patch seems to have fixed the bug for me.
> |
>
> Yea, Kris said he was going to fix it. This must be some undefined behavior
> because I tested the change in a test program and the two sizeofs were
> giving me the same result..strange ;)

I want to test this without leaving sizeof _PATH_DEV surrounded by
spaces, with sizeof() explicitly using parentheses. I'm not sure
where the undefined behavior is triggered, but this is a very likely
point, and the source of syslogd.c is just full of this.

I have it fixed now in my local CVS tree.
Hopefully Kris will commit something to fix it soon :-)

-giorgos

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message
Re: syslogd: Too many '/' in /dev//console
From: Giorgos Keramidas [EMAIL PROTECTED] Subject: Re: syslogd: Too many '/' in /dev//console Date: Tue, Sep 04, 2001 at 06:39:36AM +0300 I'm looking at the diffs from Aug 25, so if I come up with sth by running syslogd with -d, by tomorrow I'll have spotted this in more detail - probably replying with the patch to fix it too. Off to buildworld and bed, 'nite all. Running syslogd -d -s -s and checking out my usr.sbin/syslogd sources from various dates, I tracked this bug down to changes made between Aug 31 2001 and Sep 1 2001. In my /etc/syslog.conf I changed /dev/console to /dev/ttyvb so that all messages are redirected to /dev/ttyvb (where I would easily spot them, and do not clutter my active console). Here's the output of two builds of syslogd with sources from the dates mentioned: hades!root:[/usr/src/usr.sbin/syslogd]# cvs up -A -P -d -q -D 'Aug 31 2001' hades!root:[/usr/src/usr.sbin/syslogd]# make hades!root:[/usr/src/usr.sbin/syslogd]# make install hades!root:[/usr/src/usr.sbin/syslogd]# syslogd -d -s -s off running init cfline(*.* /var/log/messages, f, *, *) cfline(*.* /dev/ttyvb, f, *, *) 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/messages 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X TTY: /dev/ttyvb logmsg: pri 56, flags 4, from hades, msg syslogd: restart Logging to FILE /var/log/messages Logging to TTY /dev/ttyvb syslogd: restarted ^Csyslogd: exiting on signal 2 syslogd: exiting on signal 2 logmsg: pri 53, flags 4, from hades, msg syslogd: exiting on signal 2 Logging to FILE /var/log/messages Logging to TTY /dev/ttyvb So, the sources of Aug 31 seem to run perfectly fine. 
Trying the same with the sources of Sep 1, I get the interesting output shown below: hades!root:[/usr/src/usr.sbin/syslogd]# cvs up -A -P -d -q -D 'Sep 1 2001' hades!root:[/usr/src/usr.sbin/syslogd]# make hades!root:[/usr/src/usr.sbin/syslogd]# make install hades!root:[/usr/src/usr.sbin/syslogd]# syslogd -d -s -s off running init cfline(*.* /var/log/messages, f, *, *) cfline(*.* /dev/ttyvb, f, *, *) 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/messages 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X TTY: /dev//ttyvb logmsg: pri 56, flags 4, from hades, msg syslogd: restart Logging to FILE /var/log/messages Logging to TTY /dev//ttyvb syslogd: Too many '/' in /dev//ttyvb logmsg: pri 53, flags 4, from hades, msg syslogd: Too many '/' in /dev//ttyvb Logging to FILE /var/log/messages Logging to UNUSED syslogd: restarted The following patch seems to have fixed the bug for me. -giorgos [-- start of patch --] Index: syslogd.c === RCS file: /home/ncvs/src/usr.sbin/syslogd/syslogd.c,v retrieving revision 1.84 diff -u -r1.84 syslogd.c --- syslogd.c 1 Sep 2001 08:42:49 - 1.84 +++ syslogd.c 4 Sep 2001 19:04:25 - @@ -1664,7 +1664,7 @@ f-f_type = F_CONSOLE; else f-f_type = F_TTY; - (void)strlcpy(f-f_un.f_fname, p + sizeof(_PATH_DEV - 1), + (void)strlcpy(f-f_un.f_fname, p + sizeof _PATH_DEV - 1, sizeof(f-f_un.f_fname)); } else { (void)strlcpy(f-f_un.f_fname, p, sizeof(f-f_un.f_fname)); [-- end of patch --] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
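Review bot: the `+` line's `sizeof _PATH_DEV - 1` is correct only because `sizeof` binds tighter than `-`, which is the same reading the removed `sizeof(_PATH_DEV - 1)` got wrong: there the operand is a pointer expression, so the skip becomes the size of a pointer rather than the length of the device prefix, and a leading `/` is left in f_fname, as the `/dev//ttyvb` debug output above shows. Write the skip as `sizeof(_PATH_DEV) - 1` so that a later style pass adding parentheses cannot move the `- 1` inside again, and apply the same form wherever syslogd.c computes this offset.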
Re: syslogd: Too many '/' in /dev//console
On 04-Sep-2001 Giorgos Keramidas wrote:
|
| The following patch seems to have fixed the bug for me.
|

Yea, Kris said he was going to fix it. This must be some undefined behavior
because I tested the change in a test program and the two sizeofs were
giving me the same result..strange ;)

Mike

--
Mike Heffner mheffner@[acm.]vt.edu
Blacksburg, VA [EMAIL PROTECTED]
Re: syslogd: Too many '/' in /dev//console
On Monday, September 3, 2001, at 03:42 PM, [EMAIL PROTECTED] wrote:
> Between last weekend and this weekend, something changed in syslogd
> seems to have resulted in this boot-time error. The syslogd.c deltas
> from 1.82 - 1.83 look suspect since the handling of relevant variables
> has changed.

Sorry for the double post -- to reproduce this problem it's necessary to
run syslogd with the -s switch -- either no -s or -s -s fails to
generate this error.
RE: syslogd: Too many '/' in /dev//console
On 03-Sep-2001 [EMAIL PROTECTED] wrote: | Between last weekend and this weekend, something changed in syslogd | seems to have resulted in this boot-time error. The syslogd.c deltas | from 1.82 - 1.83 look suspect since the handling of relevant variables | has changed. This change looks wrong: @@ -1679,16 +1659,17 @@ cfline(line, f, prog, host) f-f_type = F_CONSOLE; else f-f_type = F_TTY; -(void)strcpy(f-f_un.f_fname, p + sizeof _PATH_DEV - 1); +(void)strlcpy(f-f_un.f_fname, p + sizeof(_PATH_DEV - 1), ^^^ + sizeof(f-f_un.f_fname)); } else { Mike -- Mike Heffner mheffner@[acm.]vt.edu Blacksburg, VA [EMAIL PROTECTED] PGP signature
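Review bot: the closing parenthesis on the first `+` line is misplaced: `sizeof(_PATH_DEV - 1)` takes the size of the expression `_PATH_DEV - 1`, which is a pointer, where the removed strcpy line skipped `sizeof _PATH_DEV - 1` bytes, the length of the device prefix. The two agree only when a pointer happens to be that many bytes wide, so the skip should read `sizeof(_PATH_DEV) - 1`. Separately, the `(void)` cast on strlcpy discards its return value, so a device name longer than f_fname is truncated without any diagnostic; comparing the return value with `sizeof(f->f_un.f_fname)` would let cfline report the bad entry.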
RE: syslogd: Too many '/' in /dev//console
On 04-Sep-2001 Mike Heffner wrote:
|
| On 03-Sep-2001 [EMAIL PROTECTED] wrote:
|| Between last weekend and this weekend, something changed in syslogd
|| seems to have resulted in this boot-time error. The syslogd.c deltas
|| from 1.82 - 1.83 look suspect since the handling of relevant variables
|| has changed.
|
| This change looks wrong:
|

Argh, nevermind. It doesn't appear to make any difference.

Mike

--
Mike Heffner mheffner@[acm.]vt.edu
Blacksburg, VA [EMAIL PROTECTED]
Re: syslogd: Too many '/' in /dev//console
On Tue, Sep 04, 2001 at 12:28:28AM -0400, Mike Heffner wrote: On 03-Sep-2001 [EMAIL PROTECTED] wrote: | Between last weekend and this weekend, something changed in syslogd | seems to have resulted in this boot-time error. The syslogd.c deltas | from 1.82 - 1.83 look suspect since the handling of relevant variables | has changed. This change looks wrong: @@ -1679,16 +1659,17 @@ cfline(line, f, prog, host) f-f_type = F_CONSOLE; else f-f_type = F_TTY; -(void)strcpy(f-f_un.f_fname, p + sizeof _PATH_DEV - 1); +(void)strlcpy(f-f_un.f_fname, p + sizeof(_PATH_DEV - 1), ^^^ + sizeof(f-f_un.f_fname)); } else { Oops, that was a last minute change to try and impose some style consistency on my changes (if not the entire file). I'll fix it. Kris PGP signature
Re: syslogd and -a
On Sun, Jul 01, 2001 at 09:20:44PM -0700, Crist J. Clark wrote:
> Hmmm... Looks like,
>
> # syslogd -a 192.168.1.0/29
>
> Will work and,
>
> # syslogd -a 192.168.1.1/29
>
> Won't.

That's the standard behaviour of a netmask, isn't it? The usual
way to check if host h is in network/netmask n/m is to check if:

(h & m == n)

this means that the bits of the network which are not in the mask
must be zero.

David.
Re: syslogd and -a
On Mon, Jul 02, 2001 at 09:38:42AM +0100, David Malone wrote:
> On Sun, Jul 01, 2001 at 09:20:44PM -0700, Crist J. Clark wrote:
> > Hmmm... Looks like,
> >
> > # syslogd -a 192.168.1.0/29
> >
> > Will work and,
> >
> > # syslogd -a 192.168.1.1/29
> >
> > Won't.
>
> That's the standard behaviour of a netmask, isn't it? The usual
> way to check if host h is in network/netmask n/m is to check if:
>
> (h & m == n)
>
> this means that the bits of the network which are not in the mask
> must be zero.

That's exactly what happens in the syslogd(8) code. However, I think
that should be,

n &= m
.
.
.
((h & m) == n)

That is, why allow the user to enter a network number that is not
/really/ the network number? Either flag an error or do the
calculation for the user. I think doing the calculation is the more
sensible choice. Committing it to CURRENT now.
--
Crist J. Clark [EMAIL PROTECTED]
Re: syslogd and -a
On Mon, 2 Jul 2001 09:38:42 +0100 David Malone [EMAIL PROTECTED] wrote:
> On Sun, Jul 01, 2001 at 09:20:44PM -0700, Crist J. Clark wrote:
> > Hmmm... Looks like,
> >
> > # syslogd -a 192.168.1.0/29
> >
> > Will work and,
> >
> > # syslogd -a 192.168.1.1/29
> >
> > Won't.
>
> That's the standard behaviour of a netmask, isn't it? The usual
> way to check if host h is in network/netmask n/m is to check if:
>
> (h & m == n)
>
> this means that the bits of the network which are not in the mask
> must be zero.
>
> David.

Ok, changing the .1 to .0 worked for me. The last octet must be the network number.

Thanks
- David
Re: syslogd and -a
> On Mon, 2 Jul 2001 08:25:38 -0700
> Crist J. Clark [EMAIL PROTECTED] said:

cristjc> That's exactly what happens in the syslogd(8) code. However, I think
cristjc> that should be,

cristjc> n &= m
cristjc> .
cristjc> .
cristjc> .
cristjc> ((h & m) == n)

I think it should be:

((h & m) == (n & m))

cristjc> That is, why allow the user to enter a network number that is not
cristjc> /really/ the network number? Either flag an error or do the
cristjc> calculation for the user. I think doing the calculation is the more
cristjc> sensible choice. Commiting it to CURRENT now.

When I committed IPv6 support to syslogd, I didn't mask address to
keep compatibility with IPv4. So, I'll commit to IPv6 side, later.

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
[EMAIL PROTECTED] [EMAIL PROTECTED] ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
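The two rules that this thread and the earlier "Remote Logging busted?" thread turn on, as an added example that is not syslogd's own code and not part of any message above: the network part of an `-a` entry compared as typed versus masked first, and the source-port requirement that `:*` lifts. It is IPv4 only; `peer_rule`, `parse_rule`, `peer_allowed` and `check` are hypothetical names, and the rule strings and source ports in `main` are constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SYSLOG_PORT 514   /* source port required when no :service is given */
#define ANY_PORT    (-1)  /* the ":*" form */

struct peer_rule {        /* hypothetical type; values in host byte order */
    uint32_t net;         /* address exactly as typed after -a */
    uint32_t mask;
    int      port;
};

/* Parse "a.b.c.d/len", "a.b.c.d/len:port" or "a.b.c.d/len:*". */
int parse_rule(const char *spec, struct peer_rule *r)
{
    char buf[64], *slash, *colon, *end;
    struct in_addr a;
    long v;

    if (strlen(spec) >= sizeof(buf))
        return -1;
    strcpy(buf, spec);

    r->port = SYSLOG_PORT;
    if ((colon = strchr(buf, ':')) != NULL) {
        *colon++ = '\0';
        if (strcmp(colon, "*") == 0) {
            r->port = ANY_PORT;
        } else {
            v = strtol(colon, &end, 10);
            if (end == colon || *end != '\0' || v < 1 || v > 65535)
                return -1;
            r->port = (int)v;
        }
    }
    if ((slash = strchr(buf, '/')) == NULL)
        return -1;
    *slash++ = '\0';
    v = strtol(slash, &end, 10);
    if (end == slash || *end != '\0' || v < 0 || v > 32)
        return -1;
    if (inet_pton(AF_INET, buf, &a) != 1)
        return -1;
    r->net = ntohl(a.s_addr);
    r->mask = v == 0 ? 0 : 0xffffffffu << (32 - v);
    return 0;
}

/*
 * mask_rule == 0: (h & m) == n, with n used as typed.
 * mask_rule == 1: (h & m) == (n & m), the form proposed in the thread.
 */
int peer_allowed(const struct peer_rule *r, uint32_t h, int sport, int mask_rule)
{
    uint32_t n = mask_rule ? (r->net & r->mask) : r->net;

    if (r->port != ANY_PORT && r->port != sport)
        return 0;               /* datagram came from the wrong source port */
    return (h & r->mask) == n;
}

/* 1 = accepted, 0 = rejected, -1 = malformed rule or address. */
int check(const char *spec, const char *src, int sport, int mask_rule)
{
    struct peer_rule r;
    struct in_addr a;

    if (parse_rule(spec, &r) != 0 || inet_pton(AF_INET, src, &a) != 1)
        return -1;
    return peer_allowed(&r, ntohl(a.s_addr), sport, mask_rule);
}

int main(void)
{
    /* Constructed cases; 40213 and 1027 are made-up ephemeral ports. */
    static const struct { const char *spec, *src; int sport; } t[] = {
        { "192.168.1.0/29",      "192.168.1.2",    514 },
        { "192.168.1.1/29",      "192.168.1.2",    514 },
        { "192.168.1.1/29",      "192.168.1.9",    514 },
        { "192.168.200.0/24",    "192.168.200.10", 40213 },
        { "192.168.200.0/24:*",  "192.168.200.10", 40213 },
        { "192.168.22.254/32:*", "192.168.22.254", 1027 },
    };
    size_t i;

    printf("%-21s %-15s %6s  %-8s  %s\n",
        "rule", "source", "sport", "as typed", "masked");
    for (i = 0; i < sizeof(t) / sizeof(t[0]); i++)
        printf("%-21s %-15s %6d  %-8d  %d\n", t[i].spec, t[i].src, t[i].sport,
            check(t[i].spec, t[i].src, t[i].sport, 0),
            check(t[i].spec, t[i].src, t[i].sport, 1));
    return 0;
}
```

Masking the configured address makes `192.168.1.1/29` behave like `192.168.1.0/29` without widening it: a source outside the /29 is still rejected, and a rule without `:*` still rejects datagrams that do not come from port 514.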
Re: syslogd and -a
On Mon, Jul 02, 2001 at 09:38:42AM +0100, David Malone wrote:
> On Sun, Jul 01, 2001 at 09:20:44PM -0700, Crist J. Clark wrote:
> > Hmmm... Looks like,
> >
> > # syslogd -a 192.168.1.0/29
> >
> > Will work and,
> >
> > # syslogd -a 192.168.1.1/29
> >
> > Won't.
>
> That's the standard behaviour of a netmask, isn't it? The usual
> way to check if host h is in network/netmask n/m is to check if:
>
> (h & m == n)
>
> this means that the bits of the network which are not in the mask
> must be zero.

This doesn't seem to work with IPv6. Isn't there a libc function
which can be used to do this?

Kris
Re: syslogd and -a
On Mon, 2 Jul 2001 12:25:42 -0700 Kris Kennaway [EMAIL PROTECTED] said: kris This doesn't seem to work with IPv6. Isn't there a libc function kris which can be used to do this? Yup, there is no api for masking address ether libc nor standard. I'll commit the following patch for IPv6: Index: usr.sbin/syslogd/syslogd.c === RCS file: /home/ncvs/src/usr.sbin/syslogd/syslogd.c,v retrieving revision 1.79 diff -u -r1.79 syslogd.c --- usr.sbin/syslogd/syslogd.c 2001/07/02 15:26:47 1.79 +++ usr.sbin/syslogd/syslogd.c 2001/07/02 19:39:32 @@ -2033,7 +2033,7 @@ reject = 0; for (j = 0; j 16; j += 4) { if ((*(u_int32_t *)sin6-sin6_addr.s6_addr[i] *(u_int32_t *)m6p-sin6_addr.s6_addr[i]) - != *(u_int32_t *)a6p-sin6_addr.s6_addr[i]) { + != (*(u_int32_t +*)a6p-sin6_addr.s6_addr[i] *(u_int32_t *)m6p-sin6_addr.s6_addr[i])) { ++reject; break; } -- Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan [EMAIL PROTECTED] [EMAIL PROTECTED] ume@{,jp.}FreeBSD.org http://www.imasy.org/~ume/ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
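Review bot: the loop header in the context lines counts with `j` (`j += 4`), but every subscript in the comparison, including the ones on the new `+` lines, is `s6_addr[i]`, so each pass tests the same 32-bit word at whatever `i` currently holds and the remaining words of the address are never compared; the subscripts should be `[j]`. Masking both sides is the right change for matching the IPv4 behaviour, and since the mask word is now read twice per pass, loading it into a local once would also shorten the over-long `+` line. The `u_int32_t *` casts over the byte array `s6_addr` assume it is 4-byte aligned; a byte-wise loop over all 16 bytes would avoid depending on that.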
Re: syslogd and -a
On Sun, Jul 01, 2001 at 11:41:25PM -0400, David Hill wrote:
> Hello -
> It seems the -a option for syslogd does not work 100%.
> I need to log from hosts from 192.168.1.1-.6
>
> doing /usr/sbin/syslogd -a 192.168.1.1/29 does not work (nothing gets logged)
>
> but, if i do /usr/sbin/syslogd -a 192.168.1.1/32 -a 192.168.1.2/32, etc...
> that works
>
> can anyone try this out?

Hmmm... Looks like,

# syslogd -a 192.168.1.0/29

Will work and,

# syslogd -a 192.168.1.1/29

Won't. I'll have a look.
--
Crist J. Clark [EMAIL PROTECTED]
Re: syslogd and -a
On 02-Jul-01 (04:20:44/GMT) Crist J. Clark wrote:
>> It seems the -a option for syslogd does not work 100%.
>
> Hmmm... Looks like,
> # syslogd -a 192.168.1.0/29
> Will work and,
> # syslogd -a 192.168.1.1/29
> Won't.

Under 4.3-STABLE is the same. To capture log from router I added (in
rc.conf) -a 192.168.22.254/32:* because with all log enabled I notice
that with ..22.0/24 syslogd refused to accept requests from network :-(

Ciao,
Riccardo.
Re: syslogd(8) does not update hostname
I don't agree with this change. hostname != name-that-IP-address-resolves-to. I can see how loggin the IP address (or some manifestation thereof) to a central logger, but this is too strong. Example: My laptop has a hostname set for my home network, and I connect it to my work network and DHCP an IP address there. I would be HOPPING mad if that caused my hostname and VPN to break. M Submitter-Id: current-users Originator: Crist J. Clark Organization: Confidential: no Synopsis: syslogd(8) does not update hostname Severity: non-critical Priority: medium Category: bin Release:FreeBSD 5.0-CURRENT i386 Class: sw-bug Environment: All standard FreeBSD distributions. The code discussed is from 5.0-CURRENT, but should trivially merge back to -STABLE. Description: Many tools and progams within FreeBSD date back to a time when it was expected that a machines IP and hostname seldom, if ever, changed. Even when a IP and hostname were received at boot, it rarely changed until shutdown. With many users using protocols like DHCP where IP and hostname change with time, many tools do not deal well with this behavior. One of these tools is syslogd(8). syslogd(8) is typically started at boot time and runs until shutdown. However, syslogd(8) loads the hostname at startup and syslogd(8)'s idea of the hostname can never change while it is running. One might expect that a SIGHUP would cause syslogd(8) to load the new hostname since a SIGHUP can cause syslogd(8) to re-read its configuration file and re-open the log files, but it does not. The fact that the hostname does not change can cause confusion in the log files. It could be especially troublesome when a machine is logging to a central loghost. At any given time, the names in the log files may not have any correspondence to the names the hosts currently have. There are even issues on a host that gets its IP and hostname via DHCP at boot and the name never changes. 
syslogd(8) is started before any network services are initialized in /etc/rc.

I propose that syslogd(8) should reload the hostname with a SIGHUP. I cannot think of any reason that one should not update the hostname, but as I pointed out, there are reasons why one would want that behavior.

How-To-Repeat:
# hostname -s
bubbles
# hostname bubbles-test.domain.org
# kill -HUP `cat /var/run/syslog.pid`
# logger -p user.notice "hostname test"
# tail -4 /var/log/messages
Jan 17 21:45:00 bubbles /boot/kernel/kernel: acd0: CDROM CD-532E-A at ata0-slave using BIOSPIO
Jan 17 21:45:00 bubbles /boot/kernel/kernel: Mounting root from ufs:/dev/ad0s1a
Jan 18 00:41:14 bubbles su: cjc to root on /dev/ttyp0
Jan 18 00:58:34 bubbles cjc: hostname test

Fix:
I do not see any reason we cannot move the code that gets the hostname from the main() function into init(). init() is called when to "reload" settings. The hostname is never used in main() before init() is called. The patch is against -CURRENT and my box has not exploded yet.

Here is what the above test looks like with the change in place.

# hostname -s
bubbles
# hostname bubbles-test.cjclark.org
# kill -HUP `cat /var/run/syslog.pid `
# logger -p user.notice "syslogd hostname test"
# hostname bubbles.cjclark.org
# kill -HUP `cat /var/run/syslog.pid `
# logger -p user.notice "syslogd hostname test"
# tail -4 /var/log/messages
Jan 18 13:36:58 bubbles su: BAD SU cjc to root on /dev/ttyp0
Jan 18 13:37:03 bubbles su: cjc to root on /dev/ttyp0
Jan 18 13:38:40 bubbles-test cjc: syslogd hostname test
Jan 18 13:39:11 bubbles cjc: syslogd hostname test

--- syslogd.c 2001/01/18 08:06:34 +++ syslogd.c 2001/01/18 08:09:23 
@@ -395,12 +395,6 @@ consfile.f_type = F_CONSOLE; (void)strcpy(consfile.f_un.f_fname, ctty + sizeof _PATH_DEV - 1); - (void)gethostname(LocalHostName, sizeof(LocalHostName)); - if ((p = strchr(LocalHostName, '.')) != NULL) { - *p++ = '\0'; - LocalDomain = p; - } else - LocalDomain = ""; (void)strcpy(bootfile, getbootfile()); (void)signal(SIGTERM, die); (void)signal(SIGINT, Debug ? die : SIG_IGN); @@ -1342,6 +1336,16 @@ char host[MAXHOSTNAMELEN+1]; dprintf("init\n"); + + /* +* Load hostname (may have changed) +*/ + (void)gethostname(LocalHostName, sizeof(LocalHostName)); + if ((p = strchr(LocalHostName, '.')) != NULL) { + *p++ = '\0'; + LocalDomain = p; + } else + LocalDomain = ""; /* * Close all open log files. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe
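Review bot: In the first hunk (main(), around line 395), removing the `LocalDomain = p;` / `LocalDomain = "";` assignments leaves LocalDomain, which is a pointer, and LocalHostName without a value between this point and the first init() call. The visible context carries on with getbootfile() and the signal() setup, so either give both a defined initial value at their declarations or add a comment in main() stating that nothing may log before init(), so that a later change which emits a message in that window does not use an unset LocalDomain.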
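Review bot: In the second hunk (init(), around line 1336), the gethostname() return value is still discarded, which matters more now that the call runs on every reload rather than once at startup. If it fails on a reload, LocalHostName still holds the previous name already cut at its first '.', so strchr() finds no dot and LocalDomain is reset to "" although the domain did not change. Suggest checking the return value and keeping the old values on failure, and forcing a terminating NUL on LocalHostName, since gethostname() does not guarantee one when the name is truncated. Also, `p` is used here while the only declaration visible in this hunk's context is `char host[MAXHOSTNAMELEN+1];`, so confirm init() declares it.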
Re: syslogd(8) does not update hostname
On Sat, Jan 20, 2001 at 11:24:16AM +0200, Mark Murray wrote:
> I don't agree with this change. hostname != name-that-IP-address-resolves-to.

Dunno what you are talking about. That has nothing directly to do with this. No one is talking about forcing you to change your hostname. The patch just allows syslogd(8) to take note if the hostname were to change.

--
Crist J. Clark [EMAIL PROTECTED]
Re: syslogd(8) does not update hostname
> On Sat, Jan 20, 2001 at 11:24:16AM +0200, Mark Murray wrote:
> > I don't agree with this change. hostname != name-that-IP-address-resolves-to.
>
> Dunno what you are talking about. That has nothing directly to do with this. No one is talking about forcing you to change your hostname. The patch just allows syslogd(8) to take note if the hostname were to change.

D'uh. Bad crack I'm on. :-)

M
--
Mark Murray
Warning: this .sig is umop ap!sdn
Re: syslogd
On Sun, 16 Jan 2000, Vladimir B. Grebeschikov wrote:
> On Sat, 15 Jan 2000, Doug White wrote:
> > > # log firewall messages ONLY in this file (not in messages below)
> > > !!ipfw
> > > *.* /var/log/ipfw
> >
> > This is a bad example. ipfw messages come from the kernel so you can't filter those.
>
> it really works, try it

Oh. Heh. I stand corrected. My sincere apologies.

Now that's cleared up, I'd agree that your suggestion would be a useful feature.

Doug White| FreeBSD: The Power to Serve
[EMAIL PROTECTED] | www.FreeBSD.org