UNIX for Dummies Questions & Answers

Hi,

Is there a command that will tell me which client machine started a process on my Solaris server?

what I'm trying to do is that :
I've noticed someone is running a program (in my case, the Oracle sqlplus program) by using a "ps -ef | grep sqlplus". Then I use "who" and "finger" and there is only me who is currently on the system. Can I somehow use the process id and some network related commands to find out the ip or machine name of whoever started the process?

Thx.

You should be giving each user a unique id which is used to login to your system. This id would then appear in the UID field of your "ps" listing. Then you would know the user who started the process and if you really cared which workstation he used to start the process you could just ask him. But this won't work if you let many people log on as "oracle" or something.

If there is a value like "pts/23" in the TTY field, you can try "ps -ft pts/23" and get all the processes using that tty.

The start time of the process (STIME) may be a clue. You can see who was logged on at that time by checking your wtmp file. (who /var/adm/wtmp)

You can look at the PPID field to get the parent. And get the parent of that and so on all the way to pid 1. Ignore pid 1 and look at the process whose parent is 1. If this is inetd, look at the next process in the chain. If this is something like xterm or telnetd, it will have a connection to a remote system. You can use "lsof -p" to see that connection.

Try using " who -h all "

It will display the list of users currently logged in with their ip addresses.


MK

is there any system log that I can check to find out what client machines (machine name or ip) started a unix server process (which is no longer running)?

What I'm trying to do is that I have an trace file from an application which tells me what its unix process number was when the error occurred. And I would like to know if there is anyway of mapping this process number to the machine that started the process.

Does solaris keep track of its process somewhere in the system log?