Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 29 Nov 2015 21:03:00 +0100
From:      Terje Elde <>
To:        Artem Kuchin <>
Subject:   Re: Determine which user started tcp connection
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

> On 29 Nov 2015, at 16:15, Artem Kuchin <> wrote:
> I have a jail with shared hosting. Many sites are hosted. Each on its =
own user.
> I want to monitor their external connections. I allow external =
connections but want to
> see what's going  on.
> IPFW allowes easily to see all outgoing connection setups from jail, =
but i cannot
> see which user started it.
> I googled and i see that requests to add UID to IPFW log were first in =
2008 but
> i still do not see it in the version 10.
> So, is there a way to log UID and connection params  (dst ip and port) =

pflog can give you that.

It can give you pid as well, and combined with audit-logging, that could =
give you the program that=E2=80=99s causing it, not just the user.


Want to link to this message? Use this URL: <>