Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Logging network connections
Special Forums IP Networking Logging network connections Post 302304226 by abstrcrndm on Sunday 5th of April 2009 09:43:49 PM
Old 04-05-2009
Thanks for the reply. I have setup lots of different things to log, just wondering how to log information about connections to the network. Essentially how do I log information such as this as it happens:

sshd 5571 root 4u IPv4 115178105 TCP 1.2.3.4:ssh->5.6.7.8:51185 (ESTABLISHED)

Obviously I am getting information logged from Apache as far as who connects to the webserver, and mail servers are logging IP's of people that connect to that service, but I am looking for a daemon I can run that will essentially give me the info that netstat or lsof will give, which I can then have logged. Basically I what I would like is for something like netstat to run and all new entries that would show up when someone connects to any port on the system would generate a log entry. Thanks again!
 

9 More Discussions You Might Find Interesting

1. Linux

active network connections

how can i see active network connections (1 Reply)
Discussion started by: youmna
1 Replies

2. Solaris

Logging Connections in Solaris

Hi All, Is there a built in function/tool in Solaris that enables creation of a history file on any connection (via telnet, ssh, rsh or nfs) to Solaris machine? I would like to create a script that records IP Address, date and timestamp, and command excuted for any connection to a Solaris... (2 Replies)
Discussion started by: racbern
2 Replies

3. Solaris

logging incoming connections on solaris 10

i've been able to log incoming telnet and ssh connections on solaris 9 using the following lines in /etc/syslog.conf # Telnet connections are logged to auth.notice auth.notice /var/adm/authlog # An entry in /etc/profile logs all telnet connections... (2 Replies)
Discussion started by: soliberus
2 Replies

4. IP Networking

preferred network connections

I rotate between a static lan, dhcp lan, and various wireless networks daily. Is there a way to set preferred network connections? I use some static ip's daily, some static ip's like once a month, and almost never use the dhcp lan. The same I do with my various wireless networks. Some I use daily... (0 Replies)
Discussion started by: cokedude
0 Replies

5. IP Networking

2 WAN connections on 1 switch/network

I want to know potential problems with the following scenario OR if it is an ok way to have my network setup: I have 2 WAN connections to the internet. I have each WAN connection plugged into its own router. Router DD-WRT is gateway for servers (192.0.10.50). Router Tomato is gateway for pc's... (1 Reply)
Discussion started by: herot
1 Replies

6. UNIX for Advanced & Expert Users

Not logging ftp connections in /var/adm/wtmpx file (in last command output)

Hi all, I have F5 load balancer on my system and checking service status by opening an ftp session in every 30 seconds. These ftp sessions are being logged in /var/adm/wtmpx and filling up the file. when i run the last command most of the output is this ftp session. I was wondering if there is a... (1 Reply)
Discussion started by: cepxat
1 Replies

7. Shell Programming and Scripting

Could you help me writing a script showing which network connections are currently active?

Could you help me writing a script showing which network connections are currently active? Means output should be something like: "eth0, wlan1, wlan3" Problem: The output is supposed to happen on a 16x2 LCD Display. Currently I am doing a "Ifconfig" as output, but its too fast for the... (2 Replies)
Discussion started by: lordofazeroth
2 Replies

8. Solaris

Configuring central logging server for network devices

Hi I am very well aware of configuring central logging (syslog)server on solaris to capture logs of other solaris servers. But don't know how to capture the logs of network devices like Juniper , cisco etc on solaris server. Is this possible through syslog server of solaris. Is there any way we... (1 Reply)
Discussion started by: amity
1 Replies

9. UNIX for Advanced & Expert Users

Network Connections

I have a static IP 47.21.154.146 and two computers which I wish to talk to each other. The two IPs are 198.168.1.5 and 198.168.1.6. How do I do it. For example ls from one computer to the other. TIA (8 Replies)
Discussion started by: Meow613
8 Replies

LEARN ABOUT REDHAT

xinetd.log

XINETD.LOG(5)							File Formats Manual						     XINETD.LOG(5)

NAME

       xinetd.log - xinetd service log format

DESCRIPTION

       A  service configuration may specify various degrees of logging when attempts are made to access the service. When logging for a service is
       enabled, xinetd will generate one-line log entries which have the following format (all entries have a timestamp as a prefix):

	      entry: service-id data

       The data depends on the entry.  Possible entry types include:

	      START	  generated when a server is started

	      EXIT	  generated when a server exits

	      FAIL	  generated when it is not possible to start a server

	      DATA	  generated when an attempt to start a server fails and the service supports the RECORD log option.

	      USERID	  generated if the USERID log option is used.

	      NOID	  generated if the USERID log option is used, and the IDONLY service flag is used, and the remote end  does  not  identify
			  who is trying to access the service.

       In the following, the information enclosed in brackets appears if the appropriate log option is used.

       A START entry has the format:

	      START: service-id [pid=%d] [from=%d.%d.%d.%d]

       An EXIT entry has the format:

	      EXIT: service-id [type=%d] [pid=%d] [duration=%d(sec)]

       type can be either status or signal.  The number is either the exit status or the signal that caused process termination.

       A FAIL entry has the format:

	      FAIL: service-id reason [from=%d.%d.%d.%d]

       Possible reasons are:

	      fork	     a certain number of consecutive fork attempts failed (this number is a configurable parameter)

	      time	     the time check failed

	      address	     the address check failed

	      service_limit  the allowed number of server instances for this service would be exceeded

	      process_limit  a limit on the number of forked processes was specified and it would be exceeded

       A DATA entry has the format:

	      DATA: service-id data

       The data logged depends on the service.

	      login	  remote_user=%s local_user=%s tty=%s

	      exec	  remote_user=%s verify=status command=%s
			  Possible status values:

			  ok	    the password was correct

			  failed    the password was incorrect

			  baduser   no such user

	      shell	  remote_user=%s local_user=%s command=%s

	      finger	  received string or EMPTY-LINE

       A USERID entry has the format:

	      USERID: service-id text

       The text is the response of the identification daemon at the remote end excluding the port numbers (which are included in the response).

       A NOID entry has the format:

	      NOID: service-id IP-address reason

SEE ALSO

       xinetd(1L),

       xinetd.conf(5)

								   28 April 1993						     XINETD.LOG(5)
All times are GMT -4. The time now is 05:59 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy