Bug #7476

open

Dirty buffer used to build log messages?

Added by Ted Lum about 7 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Logging
Target version: -
Start date: 04/17/2017
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.2.x
Affected Architecture:

Description

I've identified numerous cases where log lines appear to contain extraneous data beyond the actual end of the line. For example:

unreachable-port-number="24239124"
2017-04-08T20:42:29-04:00 fw1srvp01 filterlog: 149,16777216,,1425503650,lagg0_vlan11,match,block,in,4,0x0,,53,38815,0,none,1,icmp,144,186.251.180.85,74.2.136.123,unreachport,186.251.180.85,UDP,24239124

unreachable-port-number="2423966"
2017-04-08T20:42:29-04:00 fw1srvp01 filterlog: 149,16777216,,1425503650,lagg0_vlan11,match,block,in,4,0x0,,53,38814,0,none,1,icmp,86,186.251.180.85,74.2.136.123,unreachport,186.251.180.85,UDP,2423966

echo-sequence="2128140"
2017-03-24T06:40:05-04:00 fw1srvp01 filterlog: 184,16777216,,1425503689,lagg0_vlan10,match,block,in,4,0x0,,242,12845,0,none,1,icmp,60,186.229.64.128,74.2.142.228,request,2,2128140

echo-sequence="3911040"
2017-03-25T10:08:27-04:00 fw1srvp01 filterlog: 149,16777216,,1425503650,lagg0_vlan11,match,block,in,4,0x0,,117,56238,0,none,1,icmp,60,186.129.28.107,74.2.136.124,request,512,3911040

echo-sequence="430758"
2017-03-25T13:15:16-04:00 fw1srvp01 filterlog: 184,16777216,,1425503689,lagg0_vlan10,match,block,in,4,0x0,,243,31923,0,none,1,icmp,28,186.91.71.58,74.2.142.230,request,10,430758

echo-sequence="429938"
2017-03-30T15:41:46-04:00 fw1srvp01 filterlog: 184,16777216,,1425503689,lagg0_vlan10,match,block,in,4,0x0,,118,58775,0,none,1,icmp,28,186.250.56.51,74.2.142.228,request,512,429938

echo-sequence="375728"
2017-04-07T21:57:18-04:00 fw1srvp01 filterlog: 184,16777216,,1425503689,lagg0_vlan10,match,block,in,4,0x0,,239,29168,0,none,1,icmp,28,218.27.204.33,74.2.142.230,request,186,375728

I've created a parser that converts the log entries to xml, and these inconsistencies showed up easily because the xml won't validate against the xsd... but absent something that does a rigorous type check against this data it's easy to miss these.
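The kind of range check the report says is easy to miss, as an added example that is not part of the original report or the project's code: it flags `filterlog` ICMP fields that cannot fit in 16 bits. The field positions are assumed from the sample lines above, and the `split` it reports (leading digits followed by the IP length minus 20) is an observation that holds on those samples, not a confirmed root cause.

```python
import csv

U16_MAX = 0xFFFF
# Field positions assumed from the IPv4 ICMP sample lines in the report.
IPVER, PROTO, LENGTH, ICMP_TYPE = 8, 16, 17, 20
# ICMP type text -> (index, label) of the 16-bit field to range-check.
CHECKED = {"request": (22, "echo-sequence"),
           "unreachport": (23, "unreachable-port-number")}

# First two lines are quoted in the report; the third is constructed and in range.
SAMPLES = [
    "2017-04-08T20:42:29-04:00 fw1srvp01 filterlog: 149,16777216,,1425503650,lagg0_vlan11,match,block,in,4,0x0,,53,38815,0,none,1,icmp,144,186.251.180.85,74.2.136.123,unreachport,186.251.180.85,UDP,24239124",
    "2017-03-24T06:40:05-04:00 fw1srvp01 filterlog: 184,16777216,,1425503689,lagg0_vlan10,match,block,in,4,0x0,,242,12845,0,none,1,icmp,60,186.229.64.128,74.2.142.228,request,2,2128140",
    "2017-04-08T20:42:30-04:00 fw1srvp01 filterlog: 184,16777216,,1425503689,lagg0_vlan10,match,block,in,4,0x0,,243,31923,0,none,1,icmp,28,192.0.2.10,198.51.100.7,request,10,4307",
]

def check_line(line):
    """Return None if the line is in range or not checked, else a finding dict."""
    _, sep, payload = line.partition("filterlog: ")
    if not sep:
        return None
    f = next(csv.reader([payload]))
    if len(f) <= ICMP_TYPE or f[IPVER] != "4" or f[PROTO] != "icmp":
        return None
    idx, label = CHECKED.get(f[ICMP_TYPE], (None, None))
    if idx is None or len(f) <= idx:
        return None
    raw = f[idx]
    if raw.isdigit() and int(raw) <= U16_MAX:
        return None
    finding = {"field": label, "raw": raw, "split": None}
    # Observation on the report's samples: the excess digits equal the IP
    # length field minus a 20-byte header. Report that split when it holds.
    if raw.isdigit() and f[LENGTH].isdigit():
        tail = str(int(f[LENGTH]) - 20)
        head = raw[:-len(tail)]
        if raw.endswith(tail) and head and int(head) <= U16_MAX:
            finding["split"] = (int(head), int(tail))
    return finding

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_line(sample))
```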
