Problem with security log
Jeremy Chadwick
freebsd at jdc.parodius.com
Wed Oct 13 08:18:00 UTC 2010
On Tue, Oct 12, 2010 at 10:50:28PM +0200, Marcin wrote:
> Hi folks,
>
> For some time in the file / var / log / security appear illegible entries:
> kernel: ipfw: 200 Deny UDiPp f1w9:2 .168.10.5:5230503 D22e4n.y0
> .U0D.P25 1:15923.5136 o8.u10t. 5va5 3r5e03 224.0.0.251:5353 in via re0
>
> How to get rid of it? Please help...
There isn't a 100% reliable way to get rid of this problem. I've been
harping about this for years (sorry to sound like a jerk, but this
really is a major problem that keeps coming up and annoys users/admins
to no end. There are solutions -- Linux solved it by implementing a
lockless circular ring buffer[1] used by kmsg).
The """workaround""" -- which again, does not solve the problem, only
decreases the regularity of it happening (and when it does happen, can
sometimes decrease how much interspersed output there is) -- is to add
the following line to your kernel config and rebuild/reinstall your
kernel:
options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
This option became part of the GENERIC kernel configuration file at the
following times:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/amd64/conf/GENERIC#rev1.529
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/i386/conf/GENERIC#rev1.517
Depending on what release/tag you follow, you may or may not find the
above commit/change in your GENERIC file. I can't be bothered to track
down what time the CVS tagging was done, for multiple architectures,
etc...
[1]: http://www.mjmwired.net/kernel/Documentation/trace/ring-buffer-design.txt
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
More information about the freebsd-stable
mailing list