Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 29 Nov 2015 21:03:00 +0100
From:      Terje Elde <terje@elde.net>
To:        Artem Kuchin <artem@artem.ru>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Determine which user started tcp connection
Message-ID:  <4FF464A5-B344-40D1-89BA-6AFB3DF81A5A@elde.net>
In-Reply-To: <565B1695.6050604@artem.ru>
References:  <565B1695.6050604@artem.ru>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

> On 29 Nov 2015, at 16:15, Artem Kuchin <artem@artem.ru> wrote:
>=20
> I have a jail with shared hosting. Many sites are hosted. Each on its =
own user.
> I want to monitor their external connections. I allow external =
connections but want to
> see what's going  on.
> IPFW allowes easily to see all outgoing connection setups from jail, =
but i cannot
> see which user started it.
> I googled and i see that requests to add UID to IPFW log were first in =
2008 but
> i still do not see it in the version 10.
>=20
> So, is there a way to log UID and connection params  (dst ip and port) =
?


pflog can give you that.

It can give you pid as well, and combined with audit-logging, that could =
give you the program that=E2=80=99s causing it, not just the user.

Terje




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?4FF464A5-B344-40D1-89BA-6AFB3DF81A5A>