From owner-freebsd-questions@freebsd.org Sun Nov 29 19:56:26 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 41DFBA3AD7E for ; Sun, 29 Nov 2015 19:56:26 +0000 (UTC) (envelope-from artem@artem.ru) Received: from fallback5.mail.ru (fallback5.mail.ru [94.100.181.253]) by mx1.freebsd.org (Postfix) with ESMTP id DD02E15E9 for ; Sun, 29 Nov 2015 19:56:25 +0000 (UTC) (envelope-from artem@artem.ru) Received: from smtp26.mail.ru (smtp26.mail.ru [94.100.181.181]) by fallback5.mail.ru (mPOP.Fallback_MX) with ESMTP id D831E9ADE0A5 for ; Sun, 29 Nov 2015 22:56:17 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Subject; bh=RgpXnIcaIjP+mz77/zMNXu5OLSqDHmB3lqFqyaInfM8=; b=uJKTVK9uSOEZqo3UHI+aPYF6ns5wpQSabUfDbfXHWqMDo8okjDSO2DZ/QNZWXQqHwt7VHUcrHKQA8xxSiU9NjE5HyaabYJOIz9CzAOjTb9O50cTTx7LoOAJtKmRRwR5I1WcHy4gZc9SOJ7EaPpUbkZ2FQa7fgv+dgWSO5nyWjC0=; Received: from 79-172-114-207.dyn.broadband.iskratelecom.ru ([79.172.114.207]:61957 helo=[192.168.0.160]) by smtp26.mail.ru with esmtpa (envelope-from ) id 1a384u-0007KG-Q8 for freebsd-questions@freebsd.org; Sun, 29 Nov 2015 22:56:09 +0300 Subject: Re: Determine which user started tcp connection To: freebsd-questions@freebsd.org References: <565B1695.6050604@artem.ru> From: Artem Kuchin Message-ID: <565B585A.9080109@artem.ru> Date: Sun, 29 Nov 2015 22:56:10 +0300 User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Mras: Ok X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Nov 2015 19:56:26 -0000 29.11.2015 22:53, darwinsurvivor@gmail.com пишет: > I don't know about ipfw, but it can probably be done by monitoring netstat > and looking at the UID of the process that made the connection. Will not work. The connection lasts only a fraction of a second. I cannot catch it manually. > > On Sun, Nov 29, 2015 at 7:15 AM, Artem Kuchin wrote: > >> Hello! >> >> I have a jail with shared hosting. Many sites are hosted. Each on its own >> user. >> I want to monitor their external connections. I allow external connections >> but want to >> see what's going on. >> IPFW allowes easily to see all outgoing connection setups from jail, but i >> cannot >> see which user started it. >> I googled and i see that requests to add UID to IPFW log were first in >> 2008 but >> i still do not see it in the version 10. >> >> So, is there a way to log UID and connection params (dst ip and port) ? >> >> Artem >> >> >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to " >> freebsd-questions-unsubscribe@freebsd.org" >> > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"