[logs] solaris inetd -t (fwd)

From: Tina Bird (tbird@precision-guesswork.com)
Date: Fri Feb 20 2004 - 10:39:05 PST


    Okay, let's try asking the "real" question.  I'm working on a document
    about Web server monitoring.  One of the sections is on recording
    unauthorized network connections.  I've got portsentry documented, and
    someone's working on snort -- takers for tcp-wrappers configs would be
    fabulous -- but I'd also like to add a bit on using the "-t" flag to inetd
    on Solaris.
    
    According to the man pages:
    
     -t    Instructs inetd to trace the incoming connections for
           all of its TCP services. It does this by logging the
           client's IP address and TCP port number, along with
           the name of the service, using the syslog(3C) facility.
           UDP services can not be traced. When tracing is
           enabled, inetd uses the syslog facility code ``daemon''
           and ``notice'' priority level.
    
    I have killed the old inetd process and restarted it thusly:
    
    inetd -s -t &
    
    (following the guidance of /etc/init.d/inetsvc).
    
    But I don't seem to be seeing any data in my logs, even after nmapping the
    system.
    
    Any ideas?  Anyone using it?
    
    thanks for any info -- tbird
    
    --
    It doesn't have to be our fault to be our responsibility.
    
                                     -- Paul Robertson
    
    http://www.precision-guesswork.com
    Log Analysis http://www.loganalysis.org
    VPN http://vpn.shmoo.com
    tbird's Security Alerts http://securecomputing.stanford.edu/alert.html
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysis@private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
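
The man page excerpt quoted in the message says traced connections are logged with facility `daemon` at priority `notice`, so one check is whether `/etc/syslog.conf` routes `daemon.notice` to any destination. The following is an added example, not part of the original post: it evaluates syslog.conf selectors against a constructed sample configuration, assumes tab-separated selector and action fields as described in syslog.conf(4), and skips lines it cannot parse (such as unexpanded m4 macros).

```python
import re

LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "lpr", "news", "uucp",
              "cron", "audit"] + ["local%d" % i for i in range(8)]

def thresholds(selector):
    """Map facility -> least-severe level index accepted (None = excluded)."""
    table = {}
    for part in selector.split(";"):
        facs, _, level = part.strip().rpartition(".")
        if not facs or level not in LEVELS + ["none"]:
            raise ValueError("bad selector: %r" % part)
        limit = None if level == "none" else LEVELS.index(level)
        for fac in facs.split(","):
            for name in (FACILITIES if fac == "*" else [fac]):
                table[name] = limit      # later entries override earlier ones
    return table

def destinations(conf_text, facility="daemon", level="notice"):
    """Return the actions that would receive a facility.level message."""
    wanted = LEVELS.index(level)
    hits = []
    for line in conf_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line.strip(), maxsplit=1)
        if len(fields) != 2:
            continue                     # no tab-separated action field
        try:
            limit = thresholds(fields[0]).get(facility)
        except ValueError:
            continue                     # e.g. unexpanded m4 lines
        if limit is not None and wanted <= limit:
            hits.append(fields[1].strip())
    return hits

SAMPLE_CONF = (  # constructed sample, not taken from the poster's system
    "*.err;kern.notice;auth.notice\t/dev/sysmsg\n"
    "*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages\n"
    "*.alert;kern.err;daemon.err\toperator\n"
    "*.debug;daemon.none\t/var/log/debug.log\n"
    "daemon.info /var/log/spaces.log\n"   # spaces, no tab: skipped
)

if __name__ == "__main__":
    print(destinations(SAMPLE_CONF))
```

An empty result for the real configuration file would mean syslogd has no destination for the trace messages.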
    


