/var/adm/messages


 
# 1  
Old 12-16-2003
/var/adm/messages

Check message file and result posted below.
Can anyone tell me what this is a sign of, what does it mean?

Code:
server1% more messages.0
Dec 02 09:35:06 server1 bsd-gw[25101]: [ID 315218 lpr.error] Inval
id protocol request (65): AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA^\\2
00õw\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220ë^C]ë^Eèøÿÿÿ\203Å^U\220\220\220\
213Å3Éf¹^P^CP\2000\227@âú~\216\225\227\227Í^\M^T|\220ýhÄó6\227\227\227\227Çó^^²\
227\227\227\227¤L,\227\227wà^?K\226\227\227^Vl\227\227h(\230^TY\226\227\227^VT\2
27\227\226\227ñ^V¬ÚÍâp¤W^\Ô«\224Tñ^V¯ÇÒâN^TWï^\§\224d^\Ù\233\224\^V®ÜÒÅÙâR^Vî\22
3ÒÛ¤¥â+¤h^\Ñ·\224T^\\\224\237^V®ÐòãÇâ\236^Vî\223åøôÖã\221Ð^TW\223|r\224h\224l^\Á
³\224m¤Eñ^\\200^\m^\Ñ\207ß\224o¤^^\X\224^\224^\224Ù\213\224\^\®\224l~þ\226\227\2
27É^P`^\@¤W`G^\_e8^^¥^ZÕ\237ÅÇÄh\205Í^^Õ\223^Zå\202ÅÁhÅ\223ͤW;^SWân¤^^]\231^S^ã
\236ÅÁÄh\205Í<u^?ÑÅÁhÅ\223Í^\O¤W;^SWân¤^^]\231^Wn\225ã\236ÅÁÄh\205Í<up¤WÇ×Ç×ÇhÀ^
?^Dý\207ÁÄhÀ{ý\225ÄhÀg¤WÀÇ'\233<Ï<×<ÈßÇÀÁ:ÁhÀWßÇÀ:Á:ÁhÀWß'Ó^^\220ÀhÀS¤W^\Ñc^^Ы^
^Ð×^\\221^^Я¤Wñ/\226\226^^лÀÀ¤WÇÇÇ×ÇßÇÇ:Á¤WÇhÀ_hághÀ[hákhÀ[ßÇÇÄhÀc^\O¤W#\223ÇV
^?\223ÇhÀC^\g¤W^\_"\223ÇÇÀÆÁhà?hÀG^T¨\226뵤WÇÀh_Áhà?hÀK\234W㸤WÇh_ÁÄhÀoýÇhÀw|_
¤WÇ#\223ÇÁÄhÀkÀ¤^ÆÇÁhà;hÀOýÇhÀw|=ÇhÀs|iÏÇ^^ÕeT^\Ó³\233\222/\227\227\227P\227ïÁ£\
205¤WT|{^?ujhh^?^EihhÜÁpà´^WpàÛøöóÛþõåöåîÖ\227ÜÒÅÙÒÛ¤¥\227ÔåòöãòÇþçò\227ÐòãÄãöåã
âçÞùñøÖ\227ÔåòöãòÇåøôòääÖ\227Ôûøäòßöùóûò\227ÇòòüÙöúòóÇþçò\227ÐûøõöûÖûûøô\227Àåþã
òÑþûò\227ÅòöóÑþûò\227Äûòòç\227ÒïþãÇåøôòää\227\227ÀÄØÔܤ¥\227äøôüòã\227õþùó\227ûþ
äãòù\227öôôòçã\227äòùó\227åòôá\227\225\227\211û\227\227\227\227\227\227\227\227\
227\227\227\227ôúó¹òïò\227hhhh
server1%


Thanks.
# 2  
Old 12-16-2003
Error is from 'lpr' -- the print command. Have you tried printing something recently that might have caused it?
# 3  
Old 12-16-2003
No printers are installed on this box.


If someone tried to print something, is this the error message I can expect in the future?
# 4  
Old 12-16-2003
Hi,

I don't know if you pasted all the text correctly, but it might be someone trying to exploit your print daemon... if you don't need the printer service, just disable it and see if you have all the patches installed.
# 5  
Old 12-17-2003
It does look suspiciously like padding for a buffer overflow. Any service that you don't actually need (lpd in this case) should be shut down. After seeing something like this, I'd take the time to not only probe for listening ports locally, but use an external tool such as nessus or nmap to peer into your system and ethereal to watch the outbound.

Cheers,

Keith
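
The padding pattern described in the post above, as an added example that is not part of the original thread: a Python sketch that re-joins pager-folded /var/adm/messages entries and flags those whose text contains a long run of one repeated character or one repeated escaped byte (such as `\220`). The thresholds, the names and the sample lines are constructed assumptions.

```python
import re
import sys

# Solaris syslog layout: "Mon DD HH:MM:SS host tag[pid]: [ID n facility.level] text"
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<tag>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?: "
    r"\[ID (?P<msgid>\d+) (?P<prio>[\w.]+)\] (?P<text>.*)$"
)
# Thresholds are assumptions chosen for illustration; tune them for your logs.
ESCAPED_RUN = re.compile(r"(\\\d{3})\1{15,}")  # one octal-escaped byte, 16+ times
CHAR_RUN = re.compile(r"([!-~])\1{31,}")        # one printable character, 32+ times


def records(lines):
    """Re-join entries folded by a pager: a line with no header continues the last entry."""
    current = None
    for line in lines:
        line = line.rstrip("\n")
        if HEADER.match(line):
            if current is not None:
                yield current
            current = line
        elif current is not None:
            current += line  # no separator: an escape may be split across the fold
    if current is not None:
        yield current


def scan(lines):
    """Return one dict per entry whose text looks like overflow padding."""
    hits = []
    for rec in records(lines):
        m = HEADER.match(rec)
        reasons = [name for name, rx in (("repeated-escaped-byte", ESCAPED_RUN),
                                         ("repeated-char-padding", CHAR_RUN))
                   if rx.search(m["text"])]
        if reasons:
            hits.append({"ts": m["ts"], "host": m["host"], "tag": m["tag"],
                         "prio": m["prio"], "reasons": reasons})
    return hits


# Constructed sample (not real log data), folded the way the pager folded the post's entry.
SAMPLE = [
    "Dec 02 09:35:06 server1 bsd-gw[25101]: [ID 315218 lpr.error] Inval",
    "id protocol request (65): " + "A" * 50 + "\\2",
    "20" + "\\220" * 40,
    "Dec 02 09:40:00 server1 sendmail[412]: [ID 100001 mail.info] constructed benign entry",
]

if __name__ == "__main__":
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for hit in scan(source):
        print(hit)
```

Run it with a log path as the only argument to scan a real file; with no argument it scans the constructed sample.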
# 6  
Old 12-17-2003
Thanks for the replies... I'll take your advice.


Thanks again.
# 7  
Old 02-09-2009
What ID corresponds to

Hi,

In each message entry in /var/adm/messages there is an ID. What does this ID correspond to? I mean to say, how does this ID get generated?

Sandeep