04-05-2009
Thanks for the reply. I have set up lots of different things to log, just wondering how to log information about connections to the network. Essentially how do I log information such as this as it happens:
sshd 5571 root 4u IPv4 115178105 TCP 1.2.3.4:ssh->5.6.7.8:51185 (ESTABLISHED)
Obviously I am getting information logged from Apache as far as who connects to the webserver, and mail servers are logging IPs of people that connect to that service, but I am looking for a daemon I can run that will essentially give me the info that netstat or lsof will give, which I can then have logged. Basically what I would like is for something like netstat to run and all new entries that would show up when someone connects to any port on the system would generate a log entry. Thanks again!
xinetd.log
XINETD.LOG(5)                 File Formats Manual                 XINETD.LOG(5)

NAME
       xinetd.log - xinetd service log format

DESCRIPTION
       A service configuration may specify various degrees of logging when
       attempts are made to access the service. When logging for a service is
       enabled, xinetd will generate one-line log entries which have the
       following format (all entries have a timestamp as a prefix):

              entry: service-id data

       The data depends on the entry. Possible entry types include:

              START   generated when a server is started
              EXIT    generated when a server exits
              FAIL    generated when it is not possible to start a server
              DATA    generated when an attempt to start a server fails and
                      the service supports the RECORD log option.
              USERID  generated if the USERID log option is used.
              NOID    generated if the USERID log option is used, and the
                      IDONLY service flag is used, and the remote end does
                      not identify who is trying to access the service.

       In the following, the information enclosed in brackets appears if the
       appropriate log option is used.

       A START entry has the format:

              START: service-id [pid=%d] [from=%d.%d.%d.%d]

       An EXIT entry has the format:

              EXIT: service-id [type=%d] [pid=%d] [duration=%d(sec)]

       type can be either status or signal. The number is either the exit
       status or the signal that caused process termination.

       A FAIL entry has the format:

              FAIL: service-id reason [from=%d.%d.%d.%d]

       Possible reasons are:

              fork            a certain number of consecutive fork attempts
                              failed (this number is a configurable parameter)
              time            the time check failed
              address         the address check failed
              service_limit   the allowed number of server instances for this
                              service would be exceeded
              process_limit   a limit on the number of forked processes was
                              specified and it would be exceeded

       A DATA entry has the format:

              DATA: service-id data

       The data logged depends on the service.

              login   remote_user=%s local_user=%s tty=%s
              exec    remote_user=%s verify=status command=%s
                      Possible status values:
                           ok        the password was correct
                           failed    the password was incorrect
                           baduser   no such user
              shell   remote_user=%s local_user=%s command=%s
              finger  received string or EMPTY-LINE

       A USERID entry has the format:

              USERID: service-id text

       The text is the response of the identification daemon at the remote
       end excluding the port numbers (which are included in the response).

       A NOID entry has the format:

              NOID: service-id IP-address reason

SEE ALSO
       xinetd(1L), xinetd.conf(5)

28 April 1993                                                     XINETD.LOG(5)
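
A parser for the START, EXIT, FAIL and NOID layouts described in the man page above, added here as an example (it is not part of the original post or of xinetd). It tallies accepted and refused connections per source address and service; the sample lines, their timestamp prefix and the names `parse_entry` and `summarize` are assumptions made for illustration.

```python
import re
from collections import Counter

# Entry keywords and FAIL reasons as listed in xinetd.log(5).
ENTRY_RE = re.compile(r"\b(START|EXIT|FAIL|DATA|USERID|NOID): (\S+)\s*(.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")
FAIL_REASONS = {"fork", "time", "address", "service_limit", "process_limit"}

def parse_entry(line):
    """Parse one xinetd log line into a dict; return None for non-entries."""
    m = ENTRY_RE.search(line.strip())
    if not m:
        return None
    entry, service, rest = m.groups()
    rec = {"entry": entry, "service": service, "raw": rest}
    if entry in ("START", "EXIT"):
        rec.update(KV_RE.findall(rest))  # pid=, from=, status=/signal=, duration=
        if "duration" in rec:            # "38(sec)" -> 38
            rec["duration"] = int(rec["duration"].split("(")[0])
    elif entry == "FAIL":
        reason, _, tail = rest.partition(" ")
        rec["reason"] = reason if reason in FAIL_REASONS else "unknown"
        rec.update(KV_RE.findall(tail))
    elif entry == "NOID":
        rec["from"], _, rec["reason"] = rest.partition(" ")
    return rec  # DATA and USERID keep their service-specific text in "raw"

def summarize(lines):
    """Count server starts and refused attempts per source address and service."""
    starts, fails = Counter(), Counter()
    for line in lines:
        rec = parse_entry(line)
        if rec is None:
            continue
        key = (rec.get("from", "-"), rec["service"])
        if rec["entry"] == "START":
            starts[key] += 1
        elif rec["entry"] == "FAIL":
            fails[key + (rec["reason"],)] += 1
    return starts, fails

# Constructed sample lines (documentation addresses, assumed timestamp prefix).
SAMPLE_LOG = [
    "09/4/5@10:15:02: START: telnet pid=5571 from=192.0.2.10",
    "09/4/5@10:15:40: EXIT: telnet status=0 pid=5571 duration=38(sec)",
    "09/4/5@10:16:01: FAIL: telnet address from=198.51.100.7",
    "09/4/5@10:16:02: FAIL: telnet address from=198.51.100.7",
    "09/4/5@10:16:05: FAIL: ftp service_limit from=192.0.2.10",
    "a line that is not an xinetd entry",
]
```

Entries carry `pid=` and `from=` only when the matching log options are enabled for the service, so a source of `-` in the summary means the address was not logged.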