NetLink Error

[keat63]

Does anyone know what these mean.
I have a few of these in my logs since yesterday.

[2017-03-01 15:49:21 +0000] info [xml-api] Syncing version information from httpupdate.cpanel.net/cpanelsync/TIERS.json
[2017-03-01 15:49:22 +0000] info [xml-api] Loading default httpupdate source
[2017-03-01 15:49:22 +0000] info [xml-api] Syncing version information from httpupdate.cpanel.net/cpanelsync/TIERS.json
[2017-03-01 15:49:31 +0000] info [xml-api] Successfully verified signature for cpanel (key types: release).
[2017-03-01 15:49:31 +0000] info [xml-api] Using new TIERS.json version file
[2017-03-01 15:49:32 +0000] info [xml-api] Successfully verified signature for cpanel (key types: release).
[2017-03-01 18:18:21 +0000] info [autorepair] Successfully verified signature for cpanel (key types: release).
Error while reading netlink: $VAR1 = {
         'nlmsg_length' => 96,
         'nlmsg_seq' => 2,
         'nlmsg_pid' => 18422,
         'nlmsg_flags' => 0,
         'nlmsg_type' => 2
       };
Error while reading netlink: $VAR1 = {
         'nlmsg_seq' => 2,
         'nlmsg_flags' => 0,
         'nlmsg_pid' => 18628,
         'nlmsg_length' => 96,
         'nlmsg_type' => 2
       };
Error while reading netlink: $VAR1 = {
         'nlmsg_length' => 96,
         'nlmsg_type' => 2,
         'nlmsg_seq' => 2,
         'nlmsg_flags' => 0,
         'nlmsg_pid' => 18631
       };
Building global cache for cpanel...Done
Error while reading netlink: $VAR1 = {
         'nlmsg_pid' => 31593,
         'nlmsg_seq' => 2,
         'nlmsg_type' => 2,
         'nlmsg_length' => 96,
         'nlmsg_flags' => 0
       };
Error while reading netlink: $VAR1 = {
         'nlmsg_flags' => 0,
         'nlmsg_pid' => 31706,
         'nlmsg_type' => 2,
         'nlmsg_seq' => 2,
         'nlmsg_length' => 96
       };
Error while reading netlink: $VAR1 = {
         'nlmsg_flags' => 0,
         'nlmsg_type' => 2,
         'nlmsg_length' => 96,
         'nlmsg_seq' => 2,
         'nlmsg_pid' => 31709
       };
Error while reading netlink: $VAR1 = {
         'nlmsg_length' => 96,
         'nlmsg_type' => 2,
         'nlmsg_flags' => 0,
         'nlmsg_pid' => 1786,
         'nlmsg_seq' => 2
       };
Error while reading netlink: $VAR1 = {
         'nlmsg_pid' => 1951,
         'nlmsg_seq' => 2,
         'nlmsg_type' => 2,
         'nlmsg_flags' => 0,
         'nlmsg_length' => 96
       };
Error while reading netlink: $VAR1 = {
         'nlmsg_seq' => 2,
         'nlmsg_flags' => 0,
         'nlmsg_type' => 2,
         'nlmsg_pid' => 1954,
         'nlmsg_length' => 96
       };

 

[sktest123]

Could you please verify /var/log/messages in depth.check your disk , networlk interface too in detail.
It seems upcp cron failure errors .

 

[keat63]

I've nothing jumping out in var/log/messages around this time.
other than an IP block by CSF

Mar  1 18:18:21 leeds kernel: [326069.704505] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:19:99:78:1e:4f:00:26:0a:25:9a:40:08:00 SRC=xx.xx.xx.xx DST=my.ip.add LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=TCP SPT=12211 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  1 18:18:21 leeds kernel: [326069.709407] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:19:99:78:1e:4f:00:26:0a:25:9a:40:08:00 SRC=xx.xx.xx.xx DST=my.ip.add LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=TCP SPT=12219 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  1 18:18:21 leeds kernel: [326070.097931] Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:90:1b:0e:0d:2d:4b:08:00 SRC=yyy.yyy.yyy.yyy DST=255.255.255.255 LEN=120 TOS=0x00 PREC=0x00 TTL=128 ID=12363 PROTO=UDP SPT=53594 DPT=10505 LEN=100

Maybe I'll log this with the data centre.

 

[cPanelMichael]

Hello,

Could you verify which version of cPanel is installed on this system?

Thank you.

 

[keat63]

The build was 62.08, however I ran an update to 62.16 and a yum update last night, I've not seen any of these over night.

I had a few emails back and forth with the data centre, who actually pointed me to this thread, so I guess they were as equally confused as I was. We ran disk checks which came back OK.

I'm still monitoring.

Could network traffic have caused this ?
var/log/messages was showing a server within the datacentre being blocked by CSF trying to do something (now been reported).
I was seeing echos from it every few seconds.

 

[cPanelMichael]

The build was 62.08, however I ran an update to 62.16 and a yum update last night, I've not seen any of these over night.

Please feel free to open a support ticket if the issue occurs again so we can take a closer look at the affected system.

Thank you.

 

[keat63]

This is still occasionally occuring, and I think I've narrowed it down to this.

Mar 29 13:30:14 kernel: [2308815.435694] Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:99:7b:3e:63:08:00 SRC=xxx.xxx.xxx.xxx DST=255.255.255.255 LEN=104 TOS=0x00 PREC=0x00 TTL=128 ID=18792 PROTO=UDP SPT=62706 DPT=8082 LEN=84

xxx.xxx.xxx.xxx being a server inside the same data centre.
If I block the IP in my firewall, the issue goes away for a few days, then starts again on a new IP.

Therefore I'm guessing that it may be some form of software, virus or malware.

I'd rather not open a ticket, if this can be explained on here ??

 

[cPanelMichael]

xxx.xxx.xxx.xxx being a server inside the same data centre.
If I block the IP in my firewall, the issue goes away for a few days, then starts again on a new IP.

Therefore I'm guessing that it may be some form of software, virus or malware.

You may want to reach out to your data center to report this traffic, as they should be able to take action of the behavior is malicious. Otherwise, you may want to seek out a system administrator to access the system and determine what's happening:

System Administration Services | cPanel Forums

Thank you.

 

[keat63]

This is still ongoing despite numerous updates.

Support Request ID is: 8417929