logging process associated with a connection

What I ideally want is to log the cmdline associated with an outbound
packet. However, I'm open to suggestions.

What I have is:
Mar  7 16:30:25 name kernel: [618790.917928] FW: output REJECT IN= OUT=eth1 SRC=1.2.3.4 DST=5.6.7.8 LEN=94 TOS=0x00 PREC=0x00 TTL=64 ID=56030 DF PROTO=UDP SPT=55207 DPT=514 LEN=74
(as one example - I can break out tshark and probably figure out what
it is, but I want something more in my logs)

I see this about auditd:
http://serverfault.com/questions/192893/how-i-can-identify-which-process-is-making-udp-traffic-on-linux
Specifically: # auditctl -a exit,always -F arch=b64 -F a0=2 -F a1=2 -S socket -k SOCKET
Which isn't telling me what I want to know (or really, doesn't seem to
be reporting for each log I'm getting from ipt). Besides, if I've
already got an ipt LOG, why should I be using another tool for similar
info - this seems wasteful?
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
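One way to do the correlation the post asks about on the host itself is to take SRC and SPT from the iptables LOG line, look up the socket bound to that address in /proc/net/udp, and map the socket inode to a pid through /proc/<pid>/fd. The following is an added example, not code from the original post or from netfilter; the /proc/net/udp column layout is the standard Linux one, and the sample log line and proc snapshot are constructed test data.

```python
import os
import re
from typing import Optional
# Added example, not code from the original post. Assumes the default iptables
# LOG line layout shown there and the standard /proc/net/udp column layout.
LOG_FIELD = re.compile(r"(\w+)=(\S*)")

def parse_ipt_log(line: str) -> dict:
    """Turn the KEY=value pairs of a kernel LOG line into a dict (IN= -> '')."""
    return dict(LOG_FIELD.findall(line))

def ip_port_to_proc(ip: str, port: int) -> str:
    """Encode IPv4:port as /proc/net/udp prints it (1.2.3.4:55207 -> 04030201:D7A7)."""
    return "".join(f"{int(o):02X}" for o in reversed(ip.split("."))) + f":{port:04X}"

def find_socket_inode(proc_net: str, local: str) -> Optional[int]:
    """Inode of the socket bound to `local` ('HEXIP:HEXPORT') or to 0.0.0.0 on that port."""
    port = local.rpartition(":")[2]
    for row in proc_net.splitlines()[1:]:          # skip the header row
        cols = row.split()
        if len(cols) >= 10 and cols[1] in (local, f"00000000:{port}"):
            return int(cols[9])                    # inode column
    return None

def pid_for_inode(inode: int, proc_root: str = "/proc") -> Optional[int]:
    """Walk <proc_root>/<pid>/fd for a 'socket:[inode]' link; root needed for other users."""
    target = f"socket:[{inode}]"
    for entry in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target
                   for fd in os.listdir(fd_dir)):
                return int(entry)
        except OSError:                            # process exited or no permission
            continue
    return None

def socket_inode_for_log(log_line: str, proc_net: str) -> Optional[int]:
    """Map an outbound LOG line to the inode of the local socket that sent it."""
    f = parse_ipt_log(log_line)
    return find_socket_inode(proc_net, ip_port_to_proc(f["SRC"], int(f["SPT"])))

# Constructed sample data: the log line from the post plus a /proc/net/udp
# snapshot in which a socket with inode 123456 is bound to 1.2.3.4:55207.
SAMPLE_LOG = ("Mar  7 16:30:25 name kernel: [618790.917928] FW: output REJECT IN= "
              "OUT=eth1 SRC=1.2.3.4 DST=5.6.7.8 LEN=94 TOS=0x00 PREC=0x00 TTL=64 "
              "ID=56030 DF PROTO=UDP SPT=55207 DPT=514 LEN=74")
SAMPLE_PROC_UDP = (
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops\n"
    " 123: 04030201:D7A7 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 123456 2 0000000000000000 0\n")
```

The lookup only works while the socket still exists: a process that does sendto() and immediately closes the socket is gone before the LOG line is read, which is the gap a syscall-level source such as auditd fills.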