Date: Sun, 29 Nov 2015 21:03:00 +0100 From: Terje Elde <terje@elde.net> To: Artem Kuchin <artem@artem.ru> Cc: freebsd-questions@freebsd.org Subject: Re: Determine which user started tcp connection Message-ID: <4FF464A5-B344-40D1-89BA-6AFB3DF81A5A@elde.net> In-Reply-To: <565B1695.6050604@artem.ru> References: <565B1695.6050604@artem.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 29 Nov 2015, at 16:15, Artem Kuchin <artem@artem.ru> wrote: >=20 > I have a jail with shared hosting. Many sites are hosted. Each on its = own user. > I want to monitor their external connections. I allow external = connections but want to > see what's going on. > IPFW allowes easily to see all outgoing connection setups from jail, = but i cannot > see which user started it. > I googled and i see that requests to add UID to IPFW log were first in = 2008 but > i still do not see it in the version 10. >=20 > So, is there a way to log UID and connection params (dst ip and port) = ? pflog can give you that. It can give you pid as well, and combined with audit-logging, that could = give you the program that=E2=80=99s causing it, not just the user. Terje
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FF464A5-B344-40D1-89BA-6AFB3DF81A5A>