Hi,

which Solaris release are you using? In case of Solaris 9 please use the
file /etc/default/inetd instead and use the configuration option
"ENABLE_CONNECTION_LOGGING=YES".

This is known as bugid 4676489, affects only Solaris 9 and is fixed in the
next release. This bugid is available on SunSolve (in case you're
interested).

Bye,
Wolfgang.
--
*******************************************************************
Wolfgang Ley                 Enterprise Services
Software Competence Center   Wolfgang.Ley@private
Sun Microsystems GmbH        Tel: +49 40 251523-0
Eiffestrasse 80              Fax: +49 40 251523-77
D-20537 Hamburg              http://www.sun.de/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTICE: This email message is for the sole use of the intended
recipient(s) and may contain confidential and privileged information.
Any unauthorized review, use, disclosure or distribution is prohibited.
If you are not the intended recipient, please contact the sender by
reply email and destroy all copies of the original message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>X-Original-To: loganalysis@private
>Date: Fri, 20 Feb 2004 10:39:05 -0800 (PST)
>From: Tina Bird <tbird@precision-guesswork.com>
>To: "loganalysis@private" <loganalysis@private>
>X-Mailman-Approved-At: Fri, 20 Feb 2004 11:39:44 -0700
>Subject: [logs] solaris inetd -t (fwd)
>List-Archive: <http://sisyphus.iocaine.com/pipermail/loganalysis>
>
>
>Okay, let's try asking the "real" question. I'm working on a document
>about Web server monitoring. One of the sections is on recording
>unauthorized network connections. I've got portsentry documented, and
>someone's working on snort -- takers for tcp-wrappers configs would be
>fabulous -- but I'd also like to add a bit on using the "-t" flag to inetd
>on Solaris.
>
>According to the man pages:
>
>     -t    Instructs inetd to trace the incoming connections for
>           all of its TCP services. It does this by logging the
>           client's IP address and TCP port number, along with
>           the name of the service, using the syslog(3C) facility.
>           UDP services can not be traced. When tracing is
>           enabled, inetd uses the syslog facility code ``daemon''
>           and ``notice'' priority level.
>
>I have killed the old inetd process and restarted it thusly:
>
>inetd -s -t &
>
>(following the guidance of /etc/init.d/inetsvc).
>
>But I don't seem to be seeing any data in my logs, even after nmapping the
>system.
>
>Any ideas? Anyone using it?
>
>thanks for any info -- tbird
>
>--
>It doesn't have to be our fault to be our responsibility.
>
>                                -- Paul Robertson
>
>http://www.precision-guesswork.com
>Log Analysis http://www.loganalysis.org
>VPN http://vpn.shmoo.com
>tbird's Security Alerts http://securecomputing.stanford.edu/alert.html
>_______________________________________________
>LogAnalysis mailing list
>LogAnalysis@private
>http://lists.shmoo.com/mailman/listinfo/loganalysis

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
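
An added example, not part of the thread or of any Sun tooling: a shell check for the two things the exchange above depends on, namely the ENABLE_CONNECTION_LOGGING=YES setting in /etc/default/inetd and a syslog.conf rule that actually stores daemon.notice messages. The function names and the sample files are constructed for illustration, and the selector matching assumes classic syslogd rules.

```shell
#!/bin/sh
# Added example, not from the thread. File paths are arguments so the
# checks can be run against copies of the real files.

# Succeeds if an uncommented ENABLE_CONNECTION_LOGGING=YES line is present.
inetd_logging_enabled() {
    grep -q '^[[:space:]]*ENABLE_CONNECTION_LOGGING=YES[[:space:]]*$' "$1"
}

# Prints each syslog.conf action that receives FACILITY.LEVEL messages.
# Assumes classic syslogd selector rules: "fac.lvl" matches lvl and anything
# more severe, "none" excludes, and the last selector naming a facility wins.
# Lines using m4 ifdef() are skipped rather than expanded.
syslog_targets() {   # usage: syslog_targets FILE FACILITY LEVEL
    awk -v fac="$2" -v lvl="$3" '
    BEGIN {
        n = split("emerg alert crit err warning notice info debug", name, " ")
        for (i = 1; i <= n; i++) sev[name[i]] = i      # 1 = most severe
    }
    /^[ \t]*#/ || /ifdef/ || NF < 2 { next }
    {
        hit = 0
        m = split($1, sel, ";")
        for (i = 1; i <= m; i++) {
            dot = index(sel[i], ".")
            if (dot == 0) continue
            facs = "," substr(sel[i], 1, dot - 1) ","
            level = substr(sel[i], dot + 1)
            if (!index(facs, ",*,") && !index(facs, "," fac ",")) continue
            if (level == "none") hit = 0
            else if (level in sev) hit = (sev[lvl] <= sev[level])
        }
        if (hit) print $2
    }' "$1"
}

# Constructed sample files standing in for /etc/default/inetd and /etc/syslog.conf.
tmp=$(mktemp -d)
printf '# inetd defaults\nENABLE_CONNECTION_LOGGING=YES\n' > "$tmp/inetd"
printf '*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages\n' > "$tmp/syslog.conf"
printf '*.alert;kern.err;daemon.err\toperator\n' >> "$tmp/syslog.conf"

inetd_logging_enabled "$tmp/inetd" && echo "inetd connection logging: enabled"
echo "daemon.notice is written to: $(syslog_targets "$tmp/syslog.conf" daemon notice)"
rm -rf "$tmp"
```

An empty result from syslog_targets means connection traces are generated but discarded by syslogd, which looks the same from the log files as tracing never having been enabled.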
This archive was generated by hypermail 2b30 : Fri Feb 20 2004 - 11:08:58 PST