corrupted ulog from iptables

corrupted ulog from iptables

[Simon Tennant]

Firewall logging works fine on all my other hosts with an identical 
(afaik) config.

One host with the same settings always received corrupted log files.

    * timestamps always beginning of the epoch
    * binary characters
    * lots of control characters

uname -a
2.6.31-14-server #48-Ubuntu SMP Fri Oct 16 15:07:34 UTC 2009 x86_64 
GNU/Linux

logging is done with:

$IPTABLES -N drop-log-inbound
$IPTABLES -A drop-log-inbound -m limit --limit 60/minute -j ULOG 
--ulog-prefix drop-log-inbound:
$IPTABLES -A drop-log-inbound -j DROP

ulogd -V
ulogd Version 1.23

iptables -V
iptables v1.4.1.1

tail -f /var/log/firewall.log [06:43am/04-29-10]
Jan 1 00:00:00 cave IN=t
OUT= MAC= SRC=107.66.10.65 DST=99.116.105.118 LEN=8224 TOS=00 PREC=0x20 
TTL=51 ID=8248 MF FRAG:4404 PROTO=56
Jan 1 00:00:00 cave IN=� OUT=��������� MAC= SRC=61.34.47.117 
DST=115.101.114.47 LEN=28788 TOS=08 PREC=0x60 TTL=110 ID=26991 DF MF 
FRAG:3616 PROTO=111
Jan 1 00:00:00 cave IN OUT= MAC= SRC=111.109.34.62 DST=60.101.118.101 
LEN=25700 TOS=14 PREC=0x60 TTL=117 ID=31075 DF MF FRAG:3183 PROTO=100
Jan 1 00:00:00 cave 42679 58724( IN=L OUT= MAC= SRC=56.57.53.32 
DST=48.32.48.10 LEN=13367 TOS=10 PREC=0x20 TTL=55 ID=8242 MF FRAG:6194 
PROTO=32

grep -v \^\# /etc/ulogd.conf
[global]
nlgroup=1
logfile="/var/log/ulog/ulogd.log"
loglevel=5
plugin="/usr/lib/ulogd/ulogd_BASE.so"
plugin="/usr/lib/ulogd/ulogd_LOGEMU.so"
[LOGEMU]
file="/var/log/firewall.log"
sync=1

Has anyone else had similar issues? Any ideas on what I could do to 
diagnose this further?

S.

-- 
Simon Tennant

+44 20 7043 6756 (UK - office)
+49 17 8545 0880 (Germany - mobile)
+49 89 4209 55854 (Germany - office)
skype: simontennant
xmpp: simon@buddycloud.com