Fwd: (RADIATOR) Incomplete entries in syslog

Jan Tomasek jan at tomasek.cz
Thu Aug 26 06:16:49 CDT 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Hugh and Mike,

My original mail was bazilion times forwareded. I'm sorry for messed quoting
of this email.

>>> Hi Mikey -
>>>
>>> Any suggestions for Jan about what to do about it?
>>
>> Make sure his syslog client and server is the latest?

Syslog-ng is running localy so client is Radiator 3.9 with all latest patches
installed. Syslog-ng itself is 1.5.15-1.1 that is latest package for
Debian/woody. For Debian/unstable is avail.version 1.6.4-1 So no I'm not
running latest version, but I'm not going to install latest/unstable software
without exact prove that actual version is bugy. There is relevant bug report
pending (http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=syslog-ng), not even
 old resolved
(http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=syslog-ng&archive=yes).

>>>> Suspect syslog is getting confused with very long log lines.

It again happen this morning:

Aug 26 05:40:22 radius1 ZW<169><160><221><229><160> Attributes:
Tunnel-Private-Group-ID = 1:666         Tunnel-Type = 1:VLAN
Tunnel-Medium-Type = 1:802

This is comlete entry loged by "<Log FILE>..." it is not that long I thing.

Thu Aug 26 05:40:22 2004: DEBUG: Packet dump:
*** Received from 195.113.144.226 port 1812 ....
Code:       Access-Accept
Identifier: 51
Authentic:  <209><24><222><253><23><15><251>%cZW<169><160><221><229><160>
Attributes:
        Tunnel-Private-Group-ID = 1:666
        Tunnel-Type = 1:VLAN
        Tunnel-Medium-Type = 1:802

I think it is some problem in Radiator. I'm running syslog-ng in this version
on multiple systems, many of them are under very heavy load and I never seen
in log files corrupted this way. Sadly I'm not able say any way how to quickly
force radiator to mess log entry. I tried to send thousand times access
authorization but corrupted log entry never happend. But I need to fix it
somehow, that packets are hitting in logcheck which I'm is examinging log
files and come to me.

Attached log files:
  radius-file.log is log file produced by <Log FILE>
  radius-syslog.log is ... by <Log SYSLOG>
just for case you want to examine it yourself.

At this time it isn't serious, few mails peer day are easy to ignore. But I'm
not will take risk that it will increase in future. It can flood target of
logcheck mails and also this corrupted messages are not loged on remote syslog
so are invisible to other administrators and it can become serious problem in
future.

I hope you will find a solution soon. If I can help you anyhow let me know.

Best regards
- --
- --------------------------------------------------------------
Jan Tomasek aka Semik           work: CESNET, z.s.p.o.
http://www.tomasek.cz/                Zikova 4, 160 00 Praha 6
                                      Czech Republic
phone(work): +420 2 2435 5279         http://www.cesnet.cz/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBLcag79++DGvj6tMRAs/uAJ99oe9K1t6vaL598xmF1MxHGawrugCgkKsG
/LVlPPJdqVYFZXoGrrDEwVs=
=BT5B
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radiator-file.log
Type: text/x-log
Size: 3636 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20040826/41894180/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radiator-syslog.log
Type: text/x-log
Size: 3649 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20040826/41894180/attachment-0001.bin>

More information about the radiator mailing list