lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.00.0911251224060.13062@p34.internal.lan>
Date:	Wed, 25 Nov 2009 12:30:34 -0500 (EST)
From:	Justin Piszcz <jpiszcz@...idpixels.com>
To:	linux-kernel@...r.kernel.org
Subject: netconsole/sysklogd (un)wrapping of kernel messages?

Hello,

I tried using netconsole with sysklogd or syslog-ng, and in either event I 
see entries as follows:

Nov 25 12:23:25 192.168.1.2 0 12772  12765 0x00000000
Nov 25 12:23:25 192.168.1.2 00000003035d4ea8
Nov 25 12:23:25 192.168.1.2 000000000000c8e8
Nov 25 12:23:25 192.168.1.2 [122776.793261]  [<ffffffff810c29b0>] ? pollwake+0x0/0x60
Nov 25 12:23:25 192.168.1.2 [122776.793261]  [<ffffffff8144fd59>] ? _spin_lock_bh+0x9/0x20
Nov 25 12:23:25 192.168.1.2 [122776.793261]  [<ffffffff813af673>] ? release_sock+0x13/0xa0
Nov 25 12:23:25 192.168.1.2 [122776.793261]  [<ffffffff813f0a85>] ? tcp_recvmsg+0x225/0x9c0

See the first 3 lines, pieces seem to be out of place (syslog-ng).

Again with sysklogd:

Nov 25 12:19:50 l1 [122561.934261] sshd          S
Nov 25 12:19:50 l1 [122561.955377]  [<ffffffff8102c52b>] ? system_call_fastpath+0x16/0x1b 
Nov 25 12:19:50 l1 [122561.955377]  [<ffffffff8102c52b>] ? system_call_fastpath+0x16/0x1b 
Nov 25 12:19:50 l1  0000000000000000
Nov 25 12:19:50 l1  ffff8801fa6adc50

Nov 25 12:19:50 l1 [122561.934261] sshd          S
Nov 25 12:19:50 l1 [122561.955377]  [<ffffffff8102c52b>] ? system_call_fastpath+0x16/0x1b 
Nov 25 12:19:50 l1 [122561.955377]  [<ffffffff8102c52b>] ? system_call_fastpath+0x16/0x1b 
Nov 25 12:19:50 l1  0000000000000000
Nov 25 12:19:50 l1  ffff8801fa6adc50

According to this document:
http://www.novell.com/communities/node/4753/netconsole-howto-send-kernel-boot-messages-over-ethernet

Those messages appear cleanly with no splitting.

Where as mine:

Nov 24 02:17:17 l1 [    9.272986] md:  adding sda1 ... 
Nov 24 02:17:17 l1 [    9.273038] md: created md0 
Nov 24 02:17:17 l1 [    9.273083] md: bind<sda1> 
Nov 24 02:17:17 l1 [    9.273144] md: bind<sdb1> 
Nov 24 02:17:17 l1 [    9.273202] md: running: 
Nov 24 02:17:17 l1 sdb1>
Nov 24 02:17:17 l1 sda1>
Nov 24 02:17:17 l1 
Nov 24 02:17:17 l1 [    9.273453] raid1: raid set md0 active with 2 out of 2 mirrors 
Nov 24 02:17:17 l1 [    9.273519] md0: detected capacity change from 0 to 17190682624

Seem to be split all over the place.

The purpose of using netconsole is to try to catch a deadlock condition but
I am afraid if/once I do the output will be so mangled it will make it
difficult to read.

---

One way to see if its not related to sysklogd/syslog-ng is to use netcat,
trying that I get:

[123058.837271] sshd          S 0000000000000000     0 12772  12765 0x00000000
  0000000000000082 ffffea000666fbc8
[123058.837271]  000000000000ff80 000000000000c8e8 ffff88023f3f7330 ffff88023f3f75b0
[123058.837271]  000000023a66db80 00007f9a6e05c020 ffff88023f3f75b0
[123058.837271] Call Trace:
[123058.837271]  [<ffffffff81071acb>] ? getnstimeofday+0x5b/0xe0
[123058.837271]  [<ffffffff8144e5a9>] ? schedule_timeout+0x119/0x1a0
[123058.837271]  [<ffffffff81051500>] ? default_wake_function+0x0/0x10
[123058.837271]  [<ffffffff8102c52b>] ? system_call_fastpath+0x16/0x1b
[123058.837271] spawn         S 0000000000000000     0 13047   2559 0x00000000
[123058.837271]  ffff88023f890630 0000000000000082 0000000000000001 ffffea00015e7ab8
[123058.837271]  000000000000ff80 000000000000c8e8 ffff8800a5b12ed0 ffff8800a5b13150
[123058.837271]  000000010414c670 00000001074ffd1b 0000000000000286 ffff8800a5b13150

The output is much cleaner.

Is there any tweak to get this to work with sysklogd/syslog-ng so the output
is more readable?

Justin.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ