Login or Register to Ask a Question and Join Our Community


UNIX for Dummies Questions & Answers

(/var/log/messages) issue

 
Thread Tools Search this Thread
Top Forums UNIX for Dummies Questions & Answers (/var/log/messages) issue
# 1  
Old 11-20-2009
(/var/log/messages) issue
Hi,

I found this in my logs today for vsftpd:
Code:
Nov 17 08:43:58 ftp vsftpd: Tue Nov 17 13:43:58 2009 [pid 26389] [ccm] OK LOGIN: Client "205.150.86.90"
Nov 17 08:44:49 ftp avahi-daemon[2443]: Withdrawing address record for 205.111.86.22 on eth0.
Nov 17 08:44:49 ftp avahi-daemon[2443]: Leaving mDNS multicast group on interface eth0.IPv4 with address 205.111.86.22 
Nov 17 08:44:49 ftp avahi-daemon[2443]: iface.c: interface_mdns_mcast_join() called but no local address available.
Nov 17 08:44:49 ftp avahi-daemon[2443]: Interface eth0.IPv4 no longer relevant for mDNS.
Nov 17 08:44:49 ftp avahi-daemon[2443]: Withdrawing address record for fe80::213:20ff:feaf:2fae on eth0.
Nov 17 08:44:49 ftp avahi-daemon[2443]: Leaving mDNS multicast group on interface eth0.IPv6 with address fe80::213:20ff:feaf:2fae.
Nov 17 08:44:49 ftp avahi-daemon[2443]: iface.c: interface_mdns_mcast_join() called but no local address available.
Nov 17 08:44:49 ftp avahi-daemon[2443]: Interface eth0.IPv6 no longer relevant for mDNS.
Nov 17 08:44:50 ftp kernel: ADDRCONF(NETDEV_UP): eth0: link is not ready
Nov 17 08:44:50 ftp kernel: e100: eth0: e100_watchdog: link up, 100Mbps, full-duplex

What is going on?
# 2  
Old 11-20-2009
try ping this peer "205.111.86.22" and check whether it is alive
# 3  
Old 11-20-2009
Yes it is alive and a few lines below I see:

Code:
Nov 17 08:44:50 ftp kernel: ADDRCONF(NETDEV_UP): eth0: link is not ready
Nov 17 08:44:50 ftp kernel: e100: eth0: e100_watchdog: link up, 100Mbps, full-duplex
Nov 17 08:44:50 ftp kernel: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Nov 17 08:44:51 ftp avahi-daemon[2443]: New relevant interface eth0.IPv4 for mDNS.
Nov 17 08:44:51 ftp avahi-daemon[2443]: Joining mDNS multicast group on interface eth0.IPv4 with address 205.150.86.39.
Nov 17 08:44:51 ftp avahi-daemon[2443]: Registering new address record for 
205.111.86.22 on eth0.
Nov 17 08:44:51 ftp avahi-daemon[2443]: New relevant interface eth0.IPv6 for mDNS.
Nov 17 08:44:51 ftp avahi-daemon[2443]: Joining mDNS multicast group on interface eth0.IPv6 with address fe80::213:20ff:feaf:2fae.

I guess my question is why did it withdraw the IP and then suddenly rejoin?
# 4  
Old 11-20-2009
Quote:
Originally Posted by mojoman
Yes it is alive and a few lines below I see:
[...]
I guess my question is why did it withdraw the IP and then suddenly rejoin?
The mDNS package (multicastDNS) thinks you're disconnecting from the network and reconnecting again. If the rest of the your network services disappear for a short time as well, then you may have an intermittent cable problem. Try swapping out the cable and see if the problem goes away.

If the rest of your network services stay up while mDNS goes down, then it's just that one service. All I can think of in that regard is some kind of autoconfiguration process that is running periodically and it causes mDNS to shutdown and then come back up. I don't know what type of service it may be that does that, though. You could try Google'ing it and see what you get. Another (rather "overkill" technique) would be to turn on system accounting and the next time you see those messages in your log file check the accounting data and determine what was running during that time period.

Yet another technique (just as much overkill as the previous) would be to run strace -f on the mDNS service (add the timestamp option to strace; probably -t or -T) and then you can see what's happening inside the application by comparing timestamps with the next occurrence that appears in the log.

Warning: the strace option will create a HUGE amount of data! Especially if it takes hours or days before the entry is repeated in the log file.
# 5  
Old 11-20-2009
How do I turn on system accounting?
# 6  
Old 11-20-2009
You first have to install the accounting package. You don't say which OS you're running, but I'll assume RedHat/CentOS. The RPM for that is sysstat. You'll need to read the documentation for it -- you want to enable the lines in the crontab that are associated with process accounting. (I don't have a Linux box nearby to check which ones those are.)

How often have you been seeing these mDNS messages?
# 7  
Old 11-20-2009
I actually turned on process accounting using accton command since that package is already installed. It did not happen often by I am logging in case it happens again.
 
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Red Hat

Meaning of /var/log/messages

I am getting a lot of message as follows in /var/log/message files as follows. messages.1:559:May 4 20:01:56 SERVER2 kernel: session_stat: sync=0 async=33 aretr=0 messages.1:560:May 4 20:02:42 SERVER2 kernel: session_stat: dev=fd:5 state=6 blksize=4096 mmapsize=262144 messages.1:561:May 4... (2 Replies)
Discussion started by: Anjan Ganguly
2 Replies

2. Shell Programming and Scripting

Transfer the logs being thrown into /var/log/messages into another file example /var/log/volumelog

I have been searching and reading about syslog. I would like to know how to Transfer the logs being thrown into /var/log/messages into another file example /var/log/volumelog. tail -f /var/log/messages dblogger: msg_to_dbrow: no logtype using missing dblogger: msg_to_dbrow_str: val ==... (2 Replies)
Discussion started by: kenshinhimura
2 Replies

3. Shell Programming and Scripting

Log all the commands input by user at real time in /var/log/messages

Below is my script to log all the command input by any user to /var/log/messages. But I cant achieve the desired output that i want. PLease see below. function log2syslog { declare COMMAND COMMAND=$(fc -ln -0) logger -p local1.notice -t bash -i -- "$USER:$COMMAND" } trap... (12 Replies)
Discussion started by: invinzin21
12 Replies

4. SuSE

Some error messages in var/log/messages

How are you? SUSE V10 and 11. In /var/log/messages I see these lines in some servers. I'd like to know what causes these errors and how to fix them. Thank you, error: PAM: Authentication failure for root from XXXXXXXX Did not receive identification string from XXXXXXX Invalid user suse-gm... (2 Replies)
Discussion started by: JDBA
2 Replies

5. UNIX for Dummies Questions & Answers

fprintd messages in /var/log/messages

Whenever a user uses su I get the following error messages in /var/log/messages: Nov 23 04:24:55 <REMOVED> abrt: saved core dump of pid 26141 (/usr/libexec/fprintd) to /var/spool/abrt/ccpp-1322018695-26141.new/coredump (753664 bytes) Nov 23 04:24:55 <REMOVED> abrtd: Directory... (3 Replies)
Discussion started by: JakesHat
3 Replies

6. Shell Programming and Scripting

How can view log messages between two time frame from /var/log/message or any type of log files

How can view log messages between two time frame from /var/log/message or any type of log files. when logfiles are very big and especially many messages with in few minutes, I would like to display log messages between 5 minute interval. Could you pls give me the command? (1 Reply)
Discussion started by: johnveslin
1 Replies

7. Solaris

Difference between /var/log/syslog and /var/adm/messages

Hi, Is the contents in /var/log/syslog and /var/adm/messages are same?? Regards (3 Replies)
Discussion started by: vks47
3 Replies

8. UNIX for Advanced & Expert Users

/var/adm/messages vs /var/log/messages

The /var/adm/messages in Solaris seem to log more system messages/errors compared to /var/log/messages in Linux. I checked the log level in Linux and they seem OK. Is there any other log file that contains the messages or is it just that Linux doesn't log great many things? (2 Replies)
Discussion started by: gomes1333
2 Replies

9. Solaris

diff b/w /var/log/syslog and /var/adm/messages

hi sirs can u tell the difference between /var/log/syslogs and /var/adm/messages in my working place i am having two servers. in one servers messages file is empty and syslog file is going on increasing.. and in another servers message file is going on increasing but syslog file is... (2 Replies)
Discussion started by: tv.praveenkumar
2 Replies

10. UNIX for Dummies Questions & Answers

/var/log/messages

Which programm, deamon or script is responsible for filling the file /var/log/messages ? (1 Reply)
Discussion started by: Cozmic
1 Replies
Login or Register to Ask a Question