Bug #7476
open
Dirty buffer used to build log messages?
Description
I've identified numerous cases where log lines appear to contain extraneous data beyond the actual end of the line. For example:
unreachable-port-number="24239124" 2017-04-08T20:42:29-04:00 fw1srvp01 filterlog: 149,16777216,,1425503650,lagg0_vlan11,match,block,in,4,0x0,,53,38815,0,none,1,icmp,144,186.251.180.85,74.2.136.123,unreachport,186.251.180.85,UDP,24239124
unreachable-port-number="2423966" 2017-04-08T20:42:29-04:00 fw1srvp01 filterlog: 149,16777216,,1425503650,lagg0_vlan11,match,block,in,4,0x0,,53,38814,0,none,1,icmp,86,186.251.180.85,74.2.136.123,unreachport,186.251.180.85,UDP,2423966
echo-sequence="2128140" 2017-03-24T06:40:05-04:00 fw1srvp01 filterlog: 184,16777216,,1425503689,lagg0_vlan10,match,block,in,4,0x0,,242,12845,0,none,1,icmp,60,186.229.64.128,74.2.142.228,request,2,2128140
echo-sequence="3911040" 2017-03-25T10:08:27-04:00 fw1srvp01 filterlog: 149,16777216,,1425503650,lagg0_vlan11,match,block,in,4,0x0,,117,56238,0,none,1,icmp,60,186.129.28.107,74.2.136.124,request,512,3911040
echo-sequence="430758" 2017-03-25T13:15:16-04:00 fw1srvp01 filterlog: 184,16777216,,1425503689,lagg0_vlan10,match,block,in,4,0x0,,243,31923,0,none,1,icmp,28,186.91.71.58,74.2.142.230,request,10,430758
echo-sequence="429938" 2017-03-30T15:41:46-04:00 fw1srvp01 filterlog: 184,16777216,,1425503689,lagg0_vlan10,match,block,in,4,0x0,,118,58775,0,none,1,icmp,28,186.250.56.51,74.2.142.228,request,512,429938
echo-sequence="375728" 2017-04-07T21:57:18-04:00 fw1srvp01 filterlog: 184,16777216,,1425503689,lagg0_vlan10,match,block,in,4,0x0,,239,29168,0,none,1,icmp,28,218.27.204.33,74.2.142.230,request,186,375728
I've created a parser that converts the log entries to XML, and these inconsistencies showed up easily because the XML won't validate against the XSD... but absent something that does a rigorous type check against this data, it's easy to miss these.
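A range check of the kind the report describes, as an added example that is not part of the original report or of the project's code: ICMP echo identifiers, echo sequence numbers and port numbers are 16-bit, so a value above 65535 in those positions marks a line with extra data appended. Field positions are inferred from the sample lines above, and the name `echo-id` is hypothetical.

```python
U16_MAX = 0xFFFF  # ICMP echo id/sequence and UDP/TCP ports are 16-bit values

# Field positions inferred from the sample lines in the report (assumption,
# not taken from a format specification): index 16 = protocol, 20 = ICMP type.
# "echo-id" is a hypothetical name; the other two are the reporter's names.
ICMP_U16_FIELDS = {
    "request": {21: "echo-id", 22: "echo-sequence"},
    "unreachport": {23: "unreachable-port-number"},
}

# Constructed sample: lines 1-3 are copied from the report without the leading
# name="value" annotation; line 4 is made up (sequence 2128) for contrast.
SAMPLE = """\
2017-04-08T20:42:29-04:00 fw1srvp01 filterlog: 149,16777216,,1425503650,lagg0_vlan11,match,block,in,4,0x0,,53,38815,0,none,1,icmp,144,186.251.180.85,74.2.136.123,unreachport,186.251.180.85,UDP,24239124
2017-03-24T06:40:05-04:00 fw1srvp01 filterlog: 184,16777216,,1425503689,lagg0_vlan10,match,block,in,4,0x0,,242,12845,0,none,1,icmp,60,186.229.64.128,74.2.142.228,request,2,2128140
2017-03-25T13:15:16-04:00 fw1srvp01 filterlog: 184,16777216,,1425503689,lagg0_vlan10,match,block,in,4,0x0,,243,31923,0,none,1,icmp,28,186.91.71.58,74.2.142.230,request,10,430758
2017-03-24T06:40:05-04:00 fw1srvp01 filterlog: 184,16777216,,1425503689,lagg0_vlan10,match,block,in,4,0x0,,242,12845,0,none,1,icmp,60,186.229.64.128,74.2.142.228,request,2,2128
"""


def violations(line):
    """Return [(field_name, raw_value), ...] for fields that cannot be 16-bit."""
    _, sep, csv = line.partition("filterlog: ")
    if not sep:
        return []  # not a filterlog line
    fields = csv.strip().split(",")
    if len(fields) <= 20 or fields[16] != "icmp":
        return []  # only the ICMP layouts seen in the report are checked
    bad = []
    for idx, name in ICMP_U16_FIELDS.get(fields[20], {}).items():
        raw = fields[idx] if idx < len(fields) else ""  # truncated line
        if not raw.isdecimal() or int(raw) > U16_MAX:
            bad.append((name, raw))
    return bad


def scan(text):
    """Map 1-based line number -> violations, omitting clean lines."""
    found = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        bad = violations(line)
        if bad:
            found[lineno] = bad
    return found


if __name__ == "__main__":
    for lineno, bad in scan(SAMPLE).items():
        print(lineno, bad)
```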