Solved

log traffic

Posted on 2004-07-30
Last Modified: 2010-08-05
I need to log all traffic that is being created by a specific uid.
The box has multiple NICs, if it matters.
The uid doesn't belong to a real system user with a shell but will show up like #405 in ps, where 405 is a uid in a chrooted /ftpd/etc/passwd.
Where do I start?
I need a full explanation since I don't really have time to read everything on the subject.
0
Question by:loadet
12 Comments
 
LVL 14

Expert Comment

by:pablouruguay
ID: 11681186
you need to log "what service" ??

ftp ?
httpd?
 
0
 

Author Comment

by:loadet
ID: 11681209
Does it matter?
I need to log all traffic from that uid,
but it's an ftpd... not the standard ftpd service.
And I did try something like iptables -A OUTPUT -m owner --uid-owner 405
but it just gets me an iptables: Invalid argument
0
 
LVL 6

Expert Comment

by:de2Zotjes
ID: 11681557
Check if you have the owner module for iptables. It should be in the modules subtree on your system ( /lib/modules/`uname -r`/kernel/net/ipv4/netfilter )

You are probably missing the module.
0

 

Author Comment

by:loadet
ID: 11681577
I have ipt_owner.ko

Would that be it?
0
 
LVL 6

Expert Comment

by:de2Zotjes
ID: 11694635
That is the module you need. Load it using:

modprobe ipt_owner

after that try your command again:

iptables -A OUTPUT -m owner --uid-owner 405 -j LOG

Should do the trick (just checked on my own machine)

Good Luck
0
 

Author Comment

by:loadet
ID: 11699641
Yeah, I thought that was the problem too, but it was already loaded
FATAL: Module ipt_owner already in kernel.
0
 
LVL 6

Expert Comment

by:de2Zotjes
ID: 11701050
That fatal is not fatal :-)

Does it accept the iptables command without complaining?
0
 

Author Comment

by:loadet
ID: 11701119
No, it gives me a
iptables: Invalid argument
I'm running
iptables v1.2.6a
kernel 2.6.4

lsmod gives me

ipt_owner               4480  0
iptable_filter          3840  1
ip_tables              17168  2 ipt_owner,iptable_filter

So I don't really understand it.
0
 
LVL 6

Expert Comment

by:de2Zotjes
ID: 11708094
I did 2 things:

checked my version of iptables and kernel: iptables 1.2.9 and kernel 2.6.7

searched the sources of iptables and the kernel ipfilter modules for the "Invalid argument": it's not there. So whatever is giving this error, it is not in iptables or the kernel modules.

Could you please check what iptables you are executing? (try: which iptables)
0
 

Author Comment

by:loadet
ID: 11712313
start:/home/loadet# which iptables
/sbin/iptables
0
 
LVL 6

Accepted Solution

by:
de2Zotjes earned 750 total points
ID: 11713852
I am at a loss now. I can only suggest upgrading your version of the iptables tools and checking again that you get the command line correct:

/sbin/iptables -A OUTPUT -m owner --uid-owner <numeric> -j LOG
0
 

Author Comment

by:loadet
ID: 11716464
OK, I will try that, thanks for trying.
0
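Added example, not written by any participant in this thread: once the -j LOG rule from the accepted answer is accepted by iptables, the kernel log lines it produces can be tallied per outgoing interface and destination, which is what matters on a box with several NICs. The "uid405: " log prefix, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. The prefix, host name and sample log lines are constructed.

# Print (not run) a rule that logs packets created by one numeric UID.
# Owner matching only applies to locally generated packets, hence OUTPUT.
# A UID that exists only in a chrooted passwd file must be given as a number.
uid_log_rule() {
    case $1 in
        ''|*[!0-9]*) echo "uid must be numeric: $1" >&2; return 1 ;;
    esac
    printf 'iptables -A OUTPUT -m owner --uid-owner %s -j LOG --log-prefix "%s"\n' "$1" "$2"
}

# Constructed kernel log lines in the LOG target's KEY=value layout.
sample_log() {
    cat <<'EOF'
Jul 30 12:00:01 start kernel: uid405: IN= OUT=eth0 SRC=192.0.2.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=101 DF PROTO=TCP SPT=20 DPT=40001 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 30 12:00:02 start kernel: uid405: IN= OUT=eth0 SRC=192.0.2.5 DST=198.51.100.7 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=102 DF PROTO=TCP SPT=20 DPT=40001 WINDOW=5840 RES=0x00 ACK URGP=0
Jul 30 12:00:03 start kernel: uid405: IN= OUT=eth1 SRC=10.0.0.5 DST=203.0.113.9 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=103 PROTO=UDP SPT=1025 DPT=53 LEN=48
Jul 30 12:00:04 start kernel: other: IN= OUT=eth0 SRC=192.0.2.5 DST=198.51.100.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=104 DF PROTO=TCP SPT=3001 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Read log lines on stdin, keep those carrying the prefix ($1), and count
# packets per outgoing interface, destination address and protocol/port.
summarize_uid_log() {
    awk -v p="$1" '
        index($0, p) {
            out = dst = proto = dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^OUT=./) out = substr($i, 5)
                else if ($i ~ /^DST=/) dst = substr($i, 5)
                else if ($i ~ /^PROTO=/) proto = substr($i, 7)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            n[out " " dst " " proto "/" dpt]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2
}

# Demonstration on the constructed sample.
sample_log | summarize_uid_log "uid405: "
```

On a live system the same function can be fed from wherever the kernel log is written, for example the output of dmesg.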
