Date: Sat, 26 Feb 2000 17:38:55 +0100 From: John Russell <jr@paranoia.demon.nl> To: Nguyen Manh Tho <manhtho@yahoo.com> Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>, nmtho@dit.hcmut.edu.vn Subject: Re: Could I use the dhcp.bind to query the machine accessing to my Server ? Message-ID: <200002261638.RAA18823@gazelle.bigmama.xx> In-Reply-To: <20000226095617.14167.qmail@web1604.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
If I understand your question, you want to know who accessed one of your
machines on certain dates in the past through ftp, telnet or http. If this is
not the question, then read no further.
If it is your question, then for telnet and ftp, you can use the last command
(last(1)). Something like "last | grep Dec" for instance. A thorough look at
the logs located by default at /var/log will also show some more particulars.
For the http side you only have the log files to look at.
I'll let someone else answer the remaining questions about bind.
John
On Sat, 26 Feb 2000 01:56:17 -0800 Nguyen Manh Tho wrote the following about
"Could I use the dhcp.bind to query the machine accessing to my Server ? "
> Dear FreeBSD members,
>
> I need your helps in my problems and I am very
> appreciated for all your reply. I am aslo sorry if it
> make you trouble.
>
> Our University now have the Internet service system
> for student accessing through some service such as
> fpt,
> http, telnet,... We need to inquire who had accessed
> our system and now I have to write the program doing
> this work. I am now looking for the solving way to do
> this task.
>
> I have read the file dhcpdb.bind but I didn't
> understand much. Is that file store informations of
> the one who accessed to the host?
>
> An example of one line in that file is:
> 1:0x00004c438911:192.168.1.0:1:0x00004c438911:"Thu Dec
> 3 19:15:11 1998":0068
>
> I have some question here:
>
> Is "1:0x00004c438911" the MAC address of the accessing
> computer?
>
> Is "Thu Dec 3 19:15:11 1998" is the date and time of
> accessing?
>
> And is "0068" the number of that computer which is
> stored is the file dhcpdb.pool?
>
> But which computer has the IP address "192.168.1.0"?
> Because I've found that all the lines in dhcpdb.bind
> have the same one ("192.168.1.0"). What's is the real
> IP address of the machine access ?
>
> Another question is what is the usage of the file
> dhcpdb.bind? Is it the database that the DHCP Server
> will use for leasesing IP automatically.
>
> Now our Univesity is very interested in the security
> problem of our Internet system, could we use that
> file to inquire who had accessed our system?
>
> Would you please help me or tell me where I could find
> the answer? Now I couldn't have any detail document
> about that.
>
> If anyone have other solving satisfy this task, please
> let me know.
>
> I'm very sorry if my questions are so silly because
> I'm very new in both UNIX and Free BSD. I'm using Free
> BSD version 3.3.
>
> Nguyen Manh Tho.
> ++++++++++++++++++++++++++++++++++++
> Engineer, Assistant Lecturer, Database Group,
> Department of Information Technology,
> Hochiminh City University of Technology,
> Block A3, 268 Ly Thuong Kiet Street, Ward 12,
> District 10, Hochiminh City, Vietnam.
> Email: nmtho@dit.hcmut.edu.vn
> URL: http://www.hcmut.edu.vn
> ++++++++++++++++++++++++++++++++++++
>
>
> __________________________________________________
> Do You Yahoo!?
> Talk to your friends online with Yahoo! Messenger.
> http://im.yahoo.com
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200002261638.RAA18823>