Hello Ben, thanks for the response, but we do not use a serial console or similar. In addition to that we've not adjusted our rule set within the last 2 years and had no issues e.g. using the kernel version 2.6.32+29 (amd64) with the configured LOG action on squeeze.
Again, thanks for your support. Mit freundlichen Grüßen / Kind regards, Daniel Gassen CC Security & gCERT / gCERT Coordinator Phone: +49 621 60-45903 Mobile: +49 174 3496548 E-Mail: daniel.gas...@basf.com Postal Address: BASF Business Services GmbH, GSI/ITNB - C010, 67059 Ludwigshafen, Germany BASF - The Chemical Company BASF Business Services GmbH, Registered Office: 67059 Ludwigshafen, Germany Companies' Register: Amtsgericht Ludwigshafen, HRB 3541 Managing Directors: Andreas Biermann, Stefan Beck, Wiebe van der Horst Chairman of the Supervisory Board: Dr. Robert Blackburn www.information-services.basf.com From: Ben Hutchings <b...@decadent.org.uk> To: Don Armstrong <d...@debian.org>, daniel.gas...@basf.com Cc: rene.fassben...@basf.com, michael.schu...@basf.com, 742...@bugs.debian.org Date: 28.03.2014 22:12 Subject: Re: Bug#742109: Acknowledgement (Soft lookup during port scan and IPTables log enabled) On Fri, 2014-03-28 at 09:17 -0700, Don Armstrong wrote: > On Fri, 28 Mar 2014, daniel.gas...@basf.com wrote: > > any update on this bug report so far? > > Do you need further information from us? > > This looks awfully like > https://bugzilla.kernel.org/show_bug.cgi?id=6816. > > Presumably, you're writing the LOG requests to something (serial console > or similar) which cannot keep up, and the printk blocks. > > You should probably switch to using -j ULOG and ulogd instead of -j LOG. Yes, logging network events to the console without rate-limiting is a misconfiguration. Combining that with a serial console would be a particularly bad idea. This is because the kernel logs synchronously, a deliberate decision to ensure that all messages prior to a crash are actually recorded. Ben. -- Ben Hutchings Always try to do things in chronological order; it's less confusing that way. [Anhang "signature.asc" gelöscht von Daniel Gassen/BASF-IT-S/BASF]
