LogAnalysis
[logs] Logging oddity from FreeBSD Oct 26 2007 12:46AM
Tina Bird (tbird precision-guesswork com) (1 replies)

Hi all -- I've discovered a bit of syslog data that I can't explain.

Jun 13 00:57:57 <hostname> kernel: Jun 13 00:57:57 <hostname>
named[45636]: transfer of 'example.com/IN' from xyz.xyz.xyz.xyz#53: failed
to
connect: timed out

For those of us with mail clients that automatically line wrap, that's all a
single line, stored in /var/log/messages. So clearly there's some oddity
happening with regard to a missing newline.

If I assume the obvious place for the break --

Jun 13 00:57:57 <hostname> kernel:

Jun 13 00:57:57 <hostname> named[45636]: transfer of 'example.com/IN' from
xyz.xyz.xyz.xyz#53: failed to connect: timed out

Why in the world would the kernel write an empty messager like that? The
only thing I can come up with (and it's completely unconvincing to me, so I
assume it's pretty far wrong) is that whatever weirdness happened with the
linewrap caused the second message to overwrite part of the first message.

Anyone have a more plausible explanation?

thanks -- tbird

_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org [email concealed]
http://www.loganalysis.org/mailman/listinfo/loganalysis

[ reply ]
Re: [logs] Logging oddity from FreeBSD Oct 26 2007 02:15AM
Mordechai T. Abzug (morty frakir org) (1 replies)
RE: [logs] Logging oddity from FreeBSD Oct 26 2007 02:19AM
Tina Bird (tbird precision-guesswork com) (1 replies)
[logs] Feedback Needed: Large Scale Syslog Management Oct 29 2007 07:04PM
Clayton Dukes (cdukes) (cdukes cisco com)


 

Privacy Statement
Copyright 2010, SecurityFocus