Question

log all connections...

Asked by: teinsa

I'm not sure if I should ask this question here or in Windows 2000 area, but here goes...

I need to log all connections (as in what shows up with netstat command) to a log file that is generated daily.  I run a windows 2000 server, and I would need to have a log file of every single connection to the server...

I know I can just see it in real time using netstat command, but I would really need something that can do this logging automaticaly so as to be able to just go back to a certain day and time, and see who connected and what port was used, etc...

thanks!

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2004-01-15 at 05:17:24ID20851603
Tags

connections

,

log

,

netstat

Topics

Miscellaneous Networking

,

TCP/IP

Participating Experts
4
Points
400
Comments
17

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. netstat TIME_WAIT
    hi... Sparc-10, Sol 2.4, 192Mb, running SQL Server. Here is list of connections to a database listening on port 4100. I don't have a problem with the "ESTABLISHED" connections. But what about the "TIME_WAIT" ones? Whats happening here? and why does outpu...
  2. netstat
    When I do a netstat command I see several established connections on my box. I allowed a kid full access (big mistake) so he could do a bot. I find that as superuser and logged in remote I cannot do a reboot. How can I kill these connections off ?
  3. Why My Windows 98 And Xp Goes Automaticaly Restart?
    I have Intle Pentium 4 1.8Ghz System. i have problem with my system my toh windows 98 and XP goes automaticaly restart what's the problem please guide me to solve the problem. It'll be great honour to recieve help from you.
  4. netstat in dos
    @echo on :do netstat >>logfile.txt netstat >>%IPAddress% tracert %IPAddress% >>logfile.txt goto :do It should pass netstat to %IPAddress% and then tracrt runs the ip... It's not passing netstat's contents to %IPAddress%... I was thinking it could be done ma...
  5. Remote netstat
    Hi all, is there any way to run a netstat on a remote pc. So that you would get the same kind of feedback as you would from netstat -a, but for a provided IP. Thanks
  6. Trojan and Open port - Netstat -a
    Hi experts: I am using ms dos to view my open ports. netstat - a ( when the internet connection is off). From one of the book, I have learned that certain ports are trojan ports. In my netstat - I have 2 ports they are trojan ports. - But, I am not sure if it correct. These...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: TheBrothaULuv2H8Posted on 2004-01-15 at 05:37:48ID: 10119892

Type
'netstat -an >c:\windows\desktop\log.txt'

or any other directory you please. Netstat will create a file (in this case, log.txt on my desktop) and dump the output into it. Just open the file to see your results.

That will create a log for you.  What you could do is create a batch script and automate it to run periodically during the day.  Or even have it emailed to you.  

This assumes you know how to script.

 

by: teinsaPosted on 2004-01-15 at 05:53:50ID: 10120010

but this would only log the connections that are active at that moment.  I would need something that automaticaly logs everything always...

 

by: -extreme-Posted on 2004-01-15 at 05:54:34ID: 10120017

create some kind of loop..
and you may want to change it to..
netstat -an >>c:\windows\desktop\log.txt

 

by: TheBrothaULuv2H8Posted on 2004-01-15 at 06:00:34ID: 10120059

Hmmm....everything always?  So you want it to actively monitor not take periodic captures?  

 

by: TheBrothaULuv2H8Posted on 2004-01-15 at 06:00:35ID: 10120060

Hmmm....everything always?  So you want it to actively monitor not take periodic captures?  

 

by: teinsaPosted on 2004-01-15 at 06:06:08ID: 10120102

yes, actively monitor

and i was thinking about something that i could set as a system service, so it always logs...  some little applet maybe, or some shareware connection logger...  no idea exactly, just something so that I can log every single connection to my server.

 

by: TheBrothaULuv2H8Posted on 2004-01-15 at 06:13:48ID: 10120161

Gotcha...ok try this application......


http://www.mfcsnet.com/mfcstcpstat.htm

Appears to be exactly what you're looking for.  Of course there could be other "free" software out there but you'll have to goole search for more.   =)

 

by: TheBrothaULuv2H8Posted on 2004-01-15 at 06:15:30ID: 10120169

PS:   It's only $7.95 anway.  Can't beat that (except for free)

 

by: teinsaPosted on 2004-01-15 at 06:24:42ID: 10120247

seems to be what I'm looking for...  just want to make sure now that what I'm lookin for is clear, someone else doesnt know of a better prog than that one...

so anyone else?  hehe

if no one else, I'll just go ahead and buy that one (well the PRO version) and give ya the full 400 points :)

 

by: tommoranPosted on 2004-01-15 at 06:33:04ID: 10120320

This one is free and pretty good.  I use it quite often.

http://www.objectplanet.com/Probe/

Good luck,
Tom

 

by: TheBrothaULuv2H8Posted on 2004-01-15 at 07:12:34ID: 10120658

Thanks and good luck.

 

by: chicagoanPosted on 2004-01-15 at 11:49:22ID: 10123297

You may want to use windump and log connection attemps and fin packets...

 

by: teinsaPosted on 2004-01-16 at 00:43:02ID: 10127865

wow, he Probe prog on objectplanet is amazing!

although a few problems...  first off, no where is the price listed until you are done instaling it and start using it...  then it pops up that u have 7 days to pay $300!!

hehe, so I uninstalled that one, and installed the lite version... it does almost everything that the PRO does, except it absolutely floods the computer with popups and tries to install a ton of garbage...

unistalled that one also...

real shame

 

by: TheBrothaULuv2H8Posted on 2004-01-16 at 05:43:40ID: 10129299

Wow, I read on the site something about $7.00 to register.  Those bastards.  I'll try to find you another one.

 

by: TheBrothaULuv2H8Posted on 2004-01-16 at 05:55:59ID: 10129399

Try This One...

NetStat Live

http://www.analogx.com/contents/download/network/nsl.htm

Although the reviews say its great stuff, they say it doesn' that it doesn't log the connections, but I think with some tweaking you probably could find a way to log the data.

X-NetStat
http://www.freshsw.com/xns/

They're looking for beta testers for the latest version, I couldn't determine if the software is Windows or Linux based.  

Also try

TCPView by sysinternals.com  or wininternals.com  That has great reviews from PC Magazine, and although it doesn't say netstat specifically, it monitors all TCP/IP activity and may be a winner

 

by: chicagoanPosted on 2004-01-16 at 06:12:41ID: 10129521

What's your aversion to a sniffer (tcpdump) with filters??

 

by: teinsaPosted on 2004-05-14 at 02:20:54ID: 11066504

thanks guys!

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...