Hello, I tried emailing the NFSen list, but the message didn't seem to get posted; maybe someone here can help.
NFSen is installed and working on OpenBSD/amd64 4.6-stable box, but I'm seeing errors that concern me. It seems the httpd processes crash and restart periodically. The symptom is that sometimes the images don't load. Has anyone gotten this working? Thanks for any pointers, David /var/log/messages: Dec 30 12:43:50 bsd suhosin[8177]: ALERT - canary mismatch on efree() - heap overflow detected (attacker '172.16.103.93', file '/nfsen/nfsen.php') Dec 30 12:45:54 bsd suhosin[25505]: ALERT - canary mismatch on efree() - heap overflow detected (attacker '172.16.103.93', file '/nfsen/rrdgraph.php') /var/log/daemon: Dec 30 12:40:00 bsd /usr/local/bin/nfcapd[27655]: Ident: 'router-a' Flows: 59226, Packets: 4291111, Bytes: 1499443099, Sequence Errors: 561, Bad Packets: 0 Dec 30 12:40:00 bsd /usr/local/bin/nfcapd[155]: Ident: 'router-b' Flows: 19650, Packets: 291815, Bytes: 118356398, Sequence Errors: 0, Bad Packets: 0 Dec 30 12:40:01 bsd /usr/local/bin/nfcapd[10026]: Ident: 'router-c' Flows: 4350, Packets: 137826, Bytes: 30433517, Sequence Errors: 0, Bad Packets: 0 Dec 30 12:45:00 bsd /usr/local/bin/nfcapd[27655]: Ident: 'router-a' Flows: 60408, Packets: 2594703, Bytes: 1021079600, Sequence Errors: 590, Bad Packets: 0 Dec 30 12:45:00 bsd /usr/local/bin/nfcapd[155]: Ident: 'router-b' Flows: 19320, Packets: 765136, Bytes: 292342858, Sequence Errors: 0, Bad Packets: 0 Dec 30 12:45:00 bsd /usr/local/bin/nfcapd[10026]: Ident: 'router-c' Flows: 4800, Packets: 630851, Bytes: 78055611, Sequence Errors: 0, Bad Packets: 0 /var/log/nfsen: Dec 30 12:43:34 bsd nfsen[22713]: nfsend: Got SIGUSR1 Dec 30 12:43:34 bsd nfsen[22713]: Signal comm server to terminate Dec 30 12:43:35 bsd nfsen[26369]: Quit comm server. Dec 30 12:43:35 bsd nfsen[26369]: Cleanup plugins Dec 30 12:43:35 bsd nfsen[26369]: Comm server terminated: [26369]. Dec 30 12:43:35 bsd nfsen[22713]: expected exit of child Comm Server[26369]. Process died. Dec 30 12:43:35 bsd nfsen[22713]: Restart /usr/local/bin/nfsend Dec 30 12:43:36 bsd nfsen[22713]: Startup. Version: 1.3.2 $Id: nfsend 14 2009-06-10 08:07:06Z haag $ Dec 30 12:43:36 bsd nfsen[22291]: nfsend: [22291] Dec 30 12:43:36 bsd nfsen[28699]: Comm server started: [28699] Dec 30 12:43:36 bsd nfsen[28699]: Loading plugin 'PortTracker': Success Dec 30 12:43:36 bsd nfsen[28699]: PortTracker: Init Dec 30 12:43:36 bsd nfsen[28699]: Initializing plugin 'PortTracker': Success Dec 30 12:43:36 bsd nfsen[28699]: plugin 'PortTracker': Profile plugin: 0, Alert condition plugin: 0, Alert action plugin: 0 Dec 30 12:43:36 bsd nfsen[28699]: No site specific lookup module found Dec 30 12:43:37 bsd nfsen[22291]: Run periodic at Wed Dec 30 12:40:00 2009 Dec 30 12:43:37 bsd nfsen[22291]: No update required. Last successful update was Wed Dec 30 12:35:00 2009 Dec 30 12:43:37 bsd nfsen[22291]: Run expire at Wed Dec 30 12:40:00 2009 Dec 30 12:43:37 bsd nfsen[22291]: End expire at Wed Dec 30 12:40:00 2009 Dec 30 12:43:50 bsd nfsen[28699]: connection on UNIX socket Dec 30 12:43:50 bsd nfsen[28699]: comm server started: 247 Dec 30 12:43:50 bsd nfsen[247]: Cmd Decode: get-globals Dec 30 12:43:50 bsd nfsen[247]: Cmd Decode: get-du Dec 30 12:43:50 bsd nfsen[247]: comm child[4620] terminated with no exit value Dec 30 12:43:50 bsd nfsen[247]: Cmd Decode: get-profile Dec 30 12:43:50 bsd nfsen[247]: Cmd Decode: quit Dec 30 12:43:50 bsd nfsen[28699]: comm child[247] terminated with no exit value Dec 30 12:44:15 bsd nfsen[28699]: connection on UNIX socket Dec 30 12:44:15 bsd nfsen[28699]: comm server started: 20672 Dec 30 12:44:15 bsd nfsen[20672]: Cmd Decode: get-globals Dec 30 12:44:15 bsd nfsen[20672]: Cmd Decode: get-du Dec 30 12:44:15 bsd nfsen[20672]: comm child[21819] terminated with no exit value Dec 30 12:44:15 bsd nfsen[20672]: Cmd Decode: get-profile Dec 30 12:44:15 bsd nfsen[20672]: Cmd Decode: quit Dec 30 12:44:15 bsd nfsen[28699]: comm child[20672] terminated with no exit value Dec 30 12:44:18 bsd nfsen[28699]: connection on UNIX socket Dec 30 12:44:18 bsd nfsen[28699]: comm server started: 29839 Dec 30 12:44:18 bsd nfsen[29839]: Cmd Decode: get-globals Dec 30 12:44:18 bsd nfsen[29839]: Cmd Decode: get-du Dec 30 12:44:18 bsd nfsen[29839]: comm child[19020] terminated with no exit value Dec 30 12:44:18 bsd nfsen[29839]: Cmd Decode: get-profile Dec 30 12:44:18 bsd nfsen[29839]: Cmd Decode: quit Dec 30 12:44:18 bsd nfsen[28699]: comm child[29839] terminated with no exit value Dec 30 12:44:18 bsd nfsen[28699]: connection on UNIX socket Dec 30 12:44:18 bsd nfsen[28699]: comm server started: 7567 Dec 30 12:44:18 bsd nfsen[7567]: Cmd Decode: get-picture Dec 30 12:44:18 bsd nfsen[28699]: comm child[7567] terminated with no exit value Dec 30 12:44:18 bsd nfsen[28699]: connection on UNIX socket Dec 30 12:44:18 bsd nfsen[28699]: comm server started: 14230 Dec 30 12:44:18 bsd nfsen[14230]: Cmd Decode: get-picture Dec 30 12:44:18 bsd nfsen[28699]: comm child[14230] terminated with no exit value Dec 30 12:44:18 bsd nfsen[28699]: connection on UNIX socket Dec 30 12:44:18 bsd nfsen[28699]: comm server started: 30773 Dec 30 12:44:18 bsd nfsen[30773]: Cmd Decode: get-picture Dec 30 12:44:18 bsd nfsen[28699]: comm child[30773] terminated with no exit value Dec 30 12:44:18 bsd nfsen[28699]: connection on UNIX socket Dec 30 12:44:18 bsd nfsen[12659]: Cmd Decode: get-picture Dec 30 12:44:18 bsd nfsen[28699]: comm server started: 12659 Dec 30 12:44:18 bsd nfsen[28699]: comm child[12659] terminated with no exit value Dec 30 12:44:19 bsd nfsen[28699]: connection on UNIX socket Dec 30 12:44:19 bsd nfsen[28699]: comm server started: 25466 Dec 30 12:44:19 bsd nfsen[25466]: Cmd Decode: get-picture Dec 30 12:44:19 bsd nfsen[28699]: comm child[25466] terminated with no exit value Dec 30 12:44:20 bsd nfsen[28699]: connection on UNIX socket Dec 30 12:44:20 bsd nfsen[28699]: comm server started: 32649 Dec 30 12:44:20 bsd nfsen[32649]: Cmd Decode: get-picture Dec 30 12:44:20 bsd nfsen[28699]: comm child[32649] terminated with no exit value Dec 30 12:44:20 bsd nfsen[28699]: connection on UNIX socket Dec 30 12:44:20 bsd nfsen[28699]: comm server started: 1356 Dec 30 12:44:20 bsd nfsen[1356]: Cmd Decode: get-picture Dec 30 12:44:20 bsd nfsen[28699]: comm child[1356] terminated with no exit value Dec 30 12:44:21 bsd nfsen[28699]: connection on UNIX socket Dec 30 12:44:21 bsd nfsen[28699]: comm server started: 14868 Dec 30 12:44:21 bsd nfsen[14868]: Cmd Decode: get-picture Dec 30 12:44:21 bsd nfsen[28699]: comm child[14868] terminated with no exit value Dec 30 12:44:21 bsd nfsen[28699]: connection on UNIX socket Dec 30 12:44:21 bsd nfsen[28699]: comm server started: 19042 Dec 30 12:44:21 bsd nfsen[19042]: Cmd Decode: get-picture Dec 30 12:44:21 bsd nfsen[28699]: comm child[19042] terminated with no exit value Dec 30 12:44:21 bsd nfsen[28699]: connection on UNIX socket Dec 30 12:44:21 bsd nfsen[28699]: comm server started: 21012 Dec 30 12:44:21 bsd nfsen[21012]: Cmd Decode: get-picture Dec 30 12:44:21 bsd nfsen[28699]: comm child[21012] terminated with no exit value Dec 30 12:44:21 bsd nfsen[28699]: connection on UNIX socket Dec 30 12:44:21 bsd nfsen[28699]: comm server started: 4741 Dec 30 12:44:21 bsd nfsen[4741]: Cmd Decode: get-picture Dec 30 12:44:21 bsd nfsen[28699]: comm child[4741] terminated with no exit value Dec 30 12:44:22 bsd nfsen[28699]: connection on UNIX socket Dec 30 12:44:22 bsd nfsen[28699]: comm server started: 31416 Dec 30 12:44:22 bsd nfsen[31416]: Cmd Decode: get-picture Dec 30 12:44:22 bsd nfsen[28699]: comm child[31416] terminated with no exit value /var/www/logs/error_log: [Wed Dec 30 12:43:50 2009] [error] ALERT - canary mismatch on efree() - heap overflow detected (attacker '172.16.103.93', file '/nfsen/nfsen.php') [Wed Dec 30 12:44:19 2009] [notice] child pid 26379 exit signal Segmentation fault (11) [Wed Dec 30 12:44:19 2009] [notice] child pid 31453 exit signal Segmentation fault (11) [Wed Dec 30 12:44:19 2009] [notice] child pid 17886 exit signal Segmentation fault (11) [Wed Dec 30 12:44:19 2009] [notice] child pid 24757 exit signal Segmentation fault (11) [Wed Dec 30 12:44:19 2009] [notice] child pid 18624 exit signal Segmentation fault (11) [Wed Dec 30 12:44:19 2009] [notice] child pid 14999 exit signal Segmentation fault (11) [Wed Dec 30 12:44:20 2009] [notice] child pid 9317 exit signal Segmentation fault (11) [Wed Dec 30 12:44:21 2009] [notice] child pid 8716 exit signal Segmentation fault (11) [Wed Dec 30 12:45:23 2009] [notice] child pid 27216 exit signal Segmentation fault (11) [Wed Dec 30 12:45:24 2009] [notice] child pid 26615 exit signal Segmentation fault (11) [Wed Dec 30 12:45:24 2009] [notice] child pid 1741 exit signal Segmentation fault (11) [Wed Dec 30 12:45:29 2009] [notice] child pid 4000 exit signal Segmentation fault (11) [Wed Dec 30 12:45:29 2009] [notice] child pid 28261 exit signal Segmentation fault (11) [Wed Dec 30 12:45:29 2009] [notice] child pid 30546 exit signal Segmentation fault (11) [Wed Dec 30 12:45:29 2009] [notice] child pid 29486 exit signal Segmentation fault (11) [Wed Dec 30 12:45:29 2009] [notice] child pid 21494 exit signal Segmentation fault (11) [Wed Dec 30 12:45:29 2009] [notice] child pid 6498 exit signal Segmentation fault (11) [Wed Dec 30 12:45:29 2009] [notice] child pid 22171 exit signal Segmentation fault (11) [Wed Dec 30 12:45:33 2009] [notice] child pid 29606 exit signal Segmentation fault (11) [Wed Dec 30 12:45:33 2009] [notice] child pid 16008 exit signal Segmentation fault (11) [Wed Dec 30 12:45:33 2009] [notice] child pid 10739 exit signal Segmentation fault (11) [Wed Dec 30 12:45:33 2009] [notice] child pid 4137 exit signal Segmentation fault (11) [Wed Dec 30 12:45:33 2009] [notice] child pid 1433 exit signal Segmentation fault (11) [Wed Dec 30 12:45:33 2009] [notice] child pid 20453 exit signal Segmentation fault (11) [Wed Dec 30 12:45:33 2009] [notice] child pid 10722 exit signal Segmentation fault (11) [Wed Dec 30 12:45:33 2009] [notice] child pid 22315 exit signal Segmentation fault (11) [Wed Dec 30 12:45:33 2009] [notice] child pid 20619 exit signal Segmentation fault (11) [Wed Dec 30 12:45:33 2009] [notice] child pid 32217 exit signal Segmentation fault (11) [Wed Dec 30 12:45:33 2009] [notice] child pid 32265 exit signal Segmentation fault (11) [Wed Dec 30 12:45:33 2009] [notice] child pid 20392 exit signal Segmentation fault (11) [Wed Dec 30 12:45:33 2009] [notice] child pid 7813 exit signal Segmentation fault (11) [Wed Dec 30 12:45:33 2009] [notice] child pid 4377 exit signal Segmentation fault (11) [Wed Dec 30 12:45:33 2009] [notice] child pid 31670 exit signal Segmentation fault (11) [Wed Dec 30 12:45:38 2009] [notice] child pid 15880 exit signal Segmentation fault (11) [Wed Dec 30 12:45:38 2009] [notice] child pid 25293 exit signal Segmentation fault (11) [Wed Dec 30 12:45:38 2009] [notice] child pid 3920 exit signal Segmentation fault (11) [Wed Dec 30 12:45:38 2009] [notice] child pid 25766 exit signal Segmentation fault (11) [Wed Dec 30 12:45:38 2009] [notice] child pid 161 exit signal Segmentation fault (11) [Wed Dec 30 12:45:38 2009] [notice] child pid 12423 exit signal Segmentation fault (11) [Wed Dec 30 12:45:38 2009] [notice] child pid 3733 exit signal Segmentation fault (11) [Wed Dec 30 12:45:38 2009] [notice] child pid 24224 exit signal Segmentation fault (11) [Wed Dec 30 12:45:38 2009] [notice] child pid 7508 exit signal Segmentation fault (11) [Wed Dec 30 12:45:38 2009] [notice] child pid 6928 exit signal Segmentation fault (11) [Wed Dec 30 12:45:38 2009] [notice] child pid 10552 exit signal Segmentation fault (11) [Wed Dec 30 12:45:49 2009] [notice] child pid 22538 exit signal Segmentation fault (11) [Wed Dec 30 12:45:49 2009] [notice] child pid 28196 exit signal Segmentation fault (11) [Wed Dec 30 12:45:49 2009] [notice] child pid 11695 exit signal Segmentation fault (11) [Wed Dec 30 12:45:54 2009] [error] ALERT - canary mismatch on efree() - heap overflow detected (attacker '172.16.103.93', file '/nfsen/rrdgraph.php') [Wed Dec 30 12:45:54 2009] [notice] child pid 10757 exit signal Segmentation fault (11) [Wed Dec 30 12:45:54 2009] [notice] child pid 17924 exit signal Segmentation fault (11) [Wed Dec 30 12:45:54 2009] [notice] child pid 3450 exit signal Segmentation fault (11) [Wed Dec 30 12:45:54 2009] [notice] child pid 24701 exit signal Segmentation fault (11) [Wed Dec 30 12:45:54 2009] [notice] child pid 17469 exit signal Segmentation fault (11) [Wed Dec 30 12:45:54 2009] [notice] child pid 3825 exit signal Segmentation fault (11) [Wed Dec 30 12:45:54 2009] [notice] child pid 17640 exit signal Segmentation fault (11) [Wed Dec 30 12:45:54 2009] [notice] child pid 16060 exit signal Segmentation fault (11) [Wed Dec 30 12:45:54 2009] [notice] child pid 31052 exit signal Segmentation fault (11) [Wed Dec 30 12:45:54 2009] [notice] child pid 25870 exit signal Segmentation fault (11) [Wed Dec 30 12:45:54 2009] [notice] child pid 16887 exit signal Segmentation fault (11) [Wed Dec 30 12:46:01 2009] [notice] child pid 29915 exit signal Segmentation fault (11) [Wed Dec 30 12:46:01 2009] [notice] child pid 28015 exit signal Segmentation fault (11) [Wed Dec 30 12:46:01 2009] [notice] child pid 12559 exit signal Segmentation fault (11) [Wed Dec 30 12:46:01 2009] [notice] child pid 17733 exit signal Segmentation fault (11) [Wed Dec 30 12:46:01 2009] [notice] child pid 27716 exit signal Segmentation fault (11) [Wed Dec 30 12:46:01 2009] [notice] child pid 7892 exit signal Segmentation fault (11) [Wed Dec 30 12:46:03 2009] [notice] child pid 3917 exit signal Segmentation fault (11) [Wed Dec 30 12:46:03 2009] [notice] child pid 28738 exit signal Segmentation fault (11) [Wed Dec 30 12:46:03 2009] [notice] child pid 23338 exit signal Segmentation fault (11) installed packages: # pkg_info GeoIP-1.4.6 find the country where IP address/hostname originates from arc-5.21op1 create & extract files from DOS .ARC files autoconf-2.61p3 automatically configure source code on many Un*x platforms bzip2-1.0.5 block-sorting file compressor, unencumbered calamaris-2.59 proxy-cache-servers logfiles analizer flow-tools-0.68p1 cisco NetFlow utilities flowd-0.9.1 NetFlow collector freetype-1.3.1p3 free and portable TrueType font rendering engine gd-2.0.35 library for dynamic creation of images gettext-0.17p0 GNU gettext gmp-4.3.1 library for arbitrary precision arithmetic jpeg-6bp5 IJG's JPEG compression utilities lha-1.14i.ac20050924.1 archive files using LZW compression (.lzh files) libart-2.3.20p0 high-performance 2D graphics library libdnet-1.10p3 portable low-level networking library libiconv-1.13 character set conversion library libltdl-1.5.26 GNU libtool system independent dlopen wrapper libtool-1.5.26p0 generic shared library support script libxml-2.6.32p2 XML parsing library lua-5.1.4p0 powerful, light-weight programming language metaauto-0.9 wrapper for gnu auto* net-snmp-5.4.2.1p1 extendable SNMP implementation nfdump-1.5.8 tools to collect and process netflow data nfprofile-1.5.8 filters data from nfdump according to profiles p5-Crypt-DES-2.05p1 interface to the DES encryption algorithm p5-Digest-HMAC-1.01p0 interface to HMAC Message-Digest Algorithms p5-Digest-SHA1-2.12 module to calculate SHA1 digests p5-GD-2.41 module to interface with the GD graphics library p5-GD-Graph-1.43p0 module for graph plotting p5-GD-TextUtil-0.86p0 text utilities for use with GD drawing package p5-IO-INET6-2.01p0 object interface for AF_INET and AF_INET6 domain sockets p5-Net-SNMP-5.2.0 Perl modules to access SNMP p5-RRD-1.2.30 perl interface to librrd p5-SNMP_Session-1.12 provides rudimentary access to remote SNMP agents p5-Socket6-0.22 Perl defines relating to AF_INET6 sockets pcre-7.9 perl-compatible regular expression library pear-1.7.2 base classes for common PHP tasks pear-utils-1.7.2 utilities for managing pear extensions php5-core-5.2.10 server-side HTML-embedded scripting language php5-gd-5.2.10-no_x11 image manipulation extensions for php5 png-1.2.35 library for manipulating PNG images python-2.5.4p1 interpreted object-oriented programming language rrdtool-1.2.30 system to store and display time-series data sqlite3-3.6.13p0 embedded SQL implementation squid-2.7.STABLE6 WWW and FTP proxy cache and accelerator t1lib-5.1.0p1 Type 1 rasterizer library for UNIX/X11 unzip-5.52p0 extract, list & test files in a ZIP archive webalizer-2.01.10p7 web server log file analysis program zoo-2.10.1p1 handle the old .ZOO archive format
