Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

NetLink Error

Discussion in 'General Discussion' started by keat63, Mar 2, 2017.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    885
    Likes Received:
    26
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    Does anyone know what these mean.
    I have a few of these in my logs since yesterday.

    Code:
    [2017-03-01 15:49:21 +0000] info [xml-api] Syncing version information from httpupdate.cpanel.net/cpanelsync/TIERS.json
    [2017-03-01 15:49:22 +0000] info [xml-api] Loading default httpupdate source
    [2017-03-01 15:49:22 +0000] info [xml-api] Syncing version information from httpupdate.cpanel.net/cpanelsync/TIERS.json
    [2017-03-01 15:49:31 +0000] info [xml-api] Successfully verified signature for cpanel (key types: release).
    [2017-03-01 15:49:31 +0000] info [xml-api] Using new TIERS.json version file
    [2017-03-01 15:49:32 +0000] info [xml-api] Successfully verified signature for cpanel (key types: release).
    [2017-03-01 18:18:21 +0000] info [autorepair] Successfully verified signature for cpanel (key types: release).
    Error while reading netlink: $VAR1 = {
             'nlmsg_length' => 96,
             'nlmsg_seq' => 2,
             'nlmsg_pid' => 18422,
             'nlmsg_flags' => 0,
             'nlmsg_type' => 2
           };
    Error while reading netlink: $VAR1 = {
             'nlmsg_seq' => 2,
             'nlmsg_flags' => 0,
             'nlmsg_pid' => 18628,
             'nlmsg_length' => 96,
             'nlmsg_type' => 2
           };
    Error while reading netlink: $VAR1 = {
             'nlmsg_length' => 96,
             'nlmsg_type' => 2,
             'nlmsg_seq' => 2,
             'nlmsg_flags' => 0,
             'nlmsg_pid' => 18631
           };
    Building global cache for cpanel...Done
    Error while reading netlink: $VAR1 = {
             'nlmsg_pid' => 31593,
             'nlmsg_seq' => 2,
             'nlmsg_type' => 2,
             'nlmsg_length' => 96,
             'nlmsg_flags' => 0
           };
    Error while reading netlink: $VAR1 = {
             'nlmsg_flags' => 0,
             'nlmsg_pid' => 31706,
             'nlmsg_type' => 2,
             'nlmsg_seq' => 2,
             'nlmsg_length' => 96
           };
    Error while reading netlink: $VAR1 = {
             'nlmsg_flags' => 0,
             'nlmsg_type' => 2,
             'nlmsg_length' => 96,
             'nlmsg_seq' => 2,
             'nlmsg_pid' => 31709
           };
    Error while reading netlink: $VAR1 = {
             'nlmsg_length' => 96,
             'nlmsg_type' => 2,
             'nlmsg_flags' => 0,
             'nlmsg_pid' => 1786,
             'nlmsg_seq' => 2
           };
    Error while reading netlink: $VAR1 = {
             'nlmsg_pid' => 1951,
             'nlmsg_seq' => 2,
             'nlmsg_type' => 2,
             'nlmsg_flags' => 0,
             'nlmsg_length' => 96
           };
    Error while reading netlink: $VAR1 = {
             'nlmsg_seq' => 2,
             'nlmsg_flags' => 0,
             'nlmsg_type' => 2,
             'nlmsg_pid' => 1954,
             'nlmsg_length' => 96
           };
    
     
  2. sktest123

    sktest123 Well-Known Member

    Joined:
    Jan 31, 2017
    Messages:
    81
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    kochin
    cPanel Access Level:
    Root Administrator
    Could you please verify /var/log/messages in depth.check your disk , networlk interface too in detail.
    It seems upcp cron failure errors .
     
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    885
    Likes Received:
    26
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I've nothing jumping out in var/log/messages around this time.
    other than an IP block by CSF

    Code:
    Mar  1 18:18:21 leeds kernel: [326069.704505] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:19:99:78:1e:4f:00:26:0a:25:9a:40:08:00 SRC=xx.xx.xx.xx DST=my.ip.add LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=TCP SPT=12211 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0
    Mar  1 18:18:21 leeds kernel: [326069.709407] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:19:99:78:1e:4f:00:26:0a:25:9a:40:08:00 SRC=xx.xx.xx.xx DST=my.ip.add LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=TCP SPT=12219 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0
    Mar  1 18:18:21 leeds kernel: [326070.097931] Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:90:1b:0e:0d:2d:4b:08:00 SRC=yyy.yyy.yyy.yyy DST=255.255.255.255 LEN=120 TOS=0x00 PREC=0x00 TTL=128 ID=12363 PROTO=UDP SPT=53594 DPT=10505 LEN=100
    
    Maybe I'll log this with the data centre.
     
    #3 keat63, Mar 2, 2017
    Last edited: Mar 2, 2017
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,659
    Likes Received:
    1,428
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you verify which version of cPanel is installed on this system?

    Thank you.
     
  5. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    885
    Likes Received:
    26
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    The build was 62.08, however I ran an update to 62.16 and a yum update last night, I've not seen any of these over night.

    I had a few emails back and forth with the data centre, who actually pointed me to this thread, so I guess they were as equally confused as I was. We ran disk checks which came back OK.

    I'm still monitoring.

    Could network traffic have caused this ?
    var/log/messages was showing a server within the datacentre being blocked by CSF trying to do something (now been reported).
    I was seeing echos from it every few seconds.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,659
    Likes Received:
    1,428
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Please feel free to open a support ticket if the issue occurs again so we can take a closer look at the affected system.

    Thank you.
     
  7. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    885
    Likes Received:
    26
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    This is still occasionally occuring, and I think I've narrowed it down to this.

    Code:
    Mar 29 13:30:14 kernel: [2308815.435694] Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:99:7b:3e:63:08:00 SRC=xxx.xxx.xxx.xxx DST=255.255.255.255 LEN=104 TOS=0x00 PREC=0x00 TTL=128 ID=18792 PROTO=UDP SPT=62706 DPT=8082 LEN=84
    xxx.xxx.xxx.xxx being a server inside the same data centre.
    If I block the IP in my firewall, the issue goes away for a few days, then starts again on a new IP.

    Therefore I'm guessing that it may be some form of software, virus or malware.

    I'd rather not open a ticket, if this can be explained on here ??
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,659
    Likes Received:
    1,428
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    You may want to reach out to your data center to report this traffic, as they should be able to take action of the behavior is malicious. Otherwise, you may want to seek out a system administrator to access the system and determine what's happening:

    System Administration Services | cPanel Forums

    Thank you.
     
  9. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    885
    Likes Received:
    26
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    This is still ongoing despite numerous updates.

    Support Request ID is: 8417929
     
Loading...

Share This Page