syslog/kern.log messages junk

XoCluTch

Active Member
Jul 29, 2018
24
3
43
40
Since a recent patch my syslog is not filling up with a lot of spam. Is this something wrong with my system, or something new? I dont recall seeing anything in my logs, until a few days ago (except pvesr junk). Did kern.log always show up in syslog?

Thanks,




Mar 01 15:35:51 XoServer02 audit: PROCTITLE proctitle=737368643A20726F6F74205B707269765D
Mar 01 15:35:51 XoServer02 kernel: kauditd_printk_skb: 1 callbacks suppressed
Mar 01 15:35:51 XoServer02 kernel: audit: type=1006 audit(1614630951.483:61684): pid=117775 uid=100000 old-auid=4294967295 auid=100000 tty=(none) old-ses=4294967295 ses=3241 res=1
Mar 01 15:35:51 XoServer02 kernel: audit: type=1300 audit(1614630951.483:61684): arch=c000003e syscall=1 success=yes exit=1 a0=4 a1=7ffdfbfd5f90 a2=1 a3=fffffffffffffb8e items=0 ppid=4001877 pid=117775 auid=100000 uid=100000 gid=100000 euid=100000 suid=100000 fsuid=100000 egid=100000 sgid=100000 fsgid=100000 tty=(none) ses=3241 comm="sshd" exe="/usr/sbin/sshd" key=(null)
Mar 01 15:35:51 XoServer02 kernel: audit: type=1327 audit(1614630951.483:61684): proctitle=737368643A20726F6F74205B707269765D
Mar 01 15:35:53 XoServer02 audit: NETFILTER_CFG table=filter family=7 entries=0
Mar 01 15:35:53 XoServer02 audit[117904]: SYSCALL arch=c000003e syscall=54 success=yes exit=0 a0=3 a1=0 a2=80 a3=55db9a3b5f90 items=0 ppid=3416 pid=117904 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ebtables-restor" exe="/usr/sbin/ebtables-legacy-restore" key=(null)
Mar 01 15:35:53 XoServer02 audit: PROCTITLE proctitle="ebtables-restore"
Mar 01 15:35:53 XoServer02 kernel: audit: type=1325 audit(1614630953.831:61685): table=filter family=7 entries=0
Mar 01 15:35:53 XoServer02 kernel: audit: type=1300 audit(1614630953.831:61685): arch=c000003e syscall=54 success=yes exit=0 a0=3 a1=0 a2=80 a3=55db9a3b5f90 items=0 ppid=3416 pid=117904 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ebtables-restor" exe="/usr/sbin/ebtables-legacy-restore" key=(null)
Mar 01 15:35:53 XoServer02 kernel: audit: type=1327 audit(1614630953.831:61685): proctitle="ebtables-restore"
Mar 01 15:36:00 XoServer02 systemd[1]: Starting Proxmox VE replication runner...
Mar 01 15:36:01 XoServer02 systemd[1]: pvesr.service: Succeeded.
Mar 01 15:36:01 XoServer02 systemd[1]: Started Proxmox VE replication runner.
Mar 01 15:36:01 XoServer02 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=pvesr comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Mar 01 15:36:01 XoServer02 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=pvesr comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Mar 01 15:36:01 XoServer02 kernel: audit: type=1130 audit(1614630961.591:61686): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=pvesr comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Mar 01 15:36:01 XoServer02 kernel: audit: type=1131 audit(1614630961.591:61687): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=pvesr comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
 
Any idea why I'm getting this NETFLITER_CFG message?
I'm getting these messages since I've installed auditbeat. Which receives audit events from the Linux Audit Framework as a part of the Linux kernel. If I disable auditbeat and restart the pve server the silence is back. You should have a look if auditd is present on your system.

My question is: Which process of pve is reloading the ebtable-rules? In my case the ebtables are disabled and not used.

Update: Please excuse my initial laziness but I've investigated the process which reloads the ebtables: pve-firewall

My questions:
  1. Why is it reloading the table rules even if if disabled it on node level?
  2. Is there a solution to completely disable this behavior?
 
Last edited:
  1. Why is it reloading the table rules even if if disabled it on node level?
Do you use the firewall? Even if it is just for the guests, the firewall is running on the nodes.

Traffic for the nodes are using iptables input chains while the rules for the guests are forward chains.
 
Do you use the firewall? Even if it is just for the guests, the firewall is running on the nodes.

Traffic for the nodes are using iptables input chains while the rules for the guests are forward chains.
Hi Aaron,

yes I'am using the firewall. But why is it reloading the ebtables and only the ebtables on a continuous base? As I said, I disabled the ebtables on the cluster level.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!