Operating System - HP-UX

Re: monitor connections to secondary ip address

 
Michael T. Harding
Occasional Advisor

monitor connections to secondary ip address

Guys,

I am using ifalias to assign a secondary IP address to our system. What I would like to do is monitor what is connecting to this IP address. If I use netstat -an | grep "ip @" then I get all the connections to that particular IP address. What I need is what those connections are, for example users logging in, or Oracle processes etc. Can anyone help/advise?

Thanks in advance!
John Palmer
Honored Contributor

Re: monitor connections to secondary ip address

You'll have to work out the application from the local port number output from netstat.

If you use netstat -a rather than netstat -an then netstat itself will convert the port number to the readable equivalent from /etc/services e.g. it will say .telnet rather than .23 but netstat -a uses a lot more system resources.

Not all ports need to be in /etc/services however, for Oracle processes look for the port number(s) that the Oracle listener is responding to.

Regards,
John

Michael T. Harding
Occasional Advisor

Re: monitor connections to secondary ip address

But how would I know that this is using a secondary IP address, because I will have multiple IP addresses on this. netstat -a will show connections to both IP addresses as telnet connections... please quote me if I am wrong... I am still trying to learn and incorporate this.

Thanks John
MANOJ SRIVASTAVA
Honored Contributor

Re: monitor connections to secondary ip address

Michael


Generally the level of audit that you are looking for is possible from the listener log of Oracle, which in actuality tells which users connected for how long using what port. You can check the listener.log in /opt/oracle/product/8.1.7/network/listenr.log which will give you more details.



Manoj Srivastava
Michael T. Harding
Occasional Advisor

Re: monitor connections to secondary ip address

Manoj,

Let's say my system has a primary IP address and a secondary IP address. You can get into my system with both IP addresses, however I only want to know what/who/process is logging on or utilising the secondary IP address.

If I do a netstat -a the output shows local address and foreign address (how do I know that the local address is my secondary or primary address?). If I do a netstat -an | grep (and the particular address) then this works, but I then do not know what my foreign address is by name/process.

Guys your help would be very much appreciated!

MANOJ SRIVASTAVA
Honored Contributor

Re: monitor connections to secondary ip address

I am attaching a sample line from that log, you can just grep on the IP address and know who connected through that port?

24-OCT-2002 11:08:09 * (CONNECT_DATA=(SID=PBSCS)(GLOBAL_NAME=PBSCS.world)(CID=(PROGRAM=kv.exe)(HOST=Windows NT PC)(USER=Anon006))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.2.10.92)(PORT=4818)) * establish * PBSCS * 12505
TNS-12505: TNS:listener could not resolve SID given in connect descriptor
24-OCT-2002 11:08:20 * (CONNECT_DATA=(SID=PBSCS)(GLOBAL_NAME=PBSCS.world)(CID=(PROGRAM=kv.exe)(HOST=Windows NT PC)(USER=Anon006))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.2.10.92)(PORT=4821)) * establish * PBSCS * 12505
TNS-12505: TNS:listener could not resolve SID given in connect descriptor
24-OCT-2002 11:08:33 * (CONNECT_DATA=(SID=PBSCS)(GLOBAL_NAME=PBSCS.world)(CID=(PROGRAM=kv.exe)(HOST=Windows NT PC)(USER=Anon006))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.2.10.92)(PORT=4826)) * establish * PBSCS * 12505
TNS-12505: TNS:listener could not resolve SID given in connect descriptor
24-OCT-2002 11:08:50 * (CONNECT_DATA=(SID=PBSCS)(GLOBAL_NAME=PBSCS.world)(CID=(PROGRAM=kv.exe)(HOST=Windows NT PC)(USER=Anon006))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.2.10.92)(PORT=4836)) * establish * PBSCS * 12505
TNS-12505: TNS:listener could not resolve SID given in connect descriptor
24-OCT-2002 11:10:26 * service_update * dwh * 0
24-OCT-2002 11:12:11 * service_update * usg * 0



Manoj Srivastava

Ron Kinner
Honored Contributor

Re: monitor connections to secondary ip address

Sounds like what you want is a script file that runs netstat -an and then reads the port number and replaces it with its entry in /etc/services. Suppose it might also have to do a reverse lookup on the ip address tho I suspect you might want to have it create a host table file of its own and add new host names to the table so it wouldn't have to do a lookup for every address every time.

Ron
rick jones
Honored Contributor

Re: monitor connections to secondary ip address

download and install lsof on the system. then take the netstat -an output, extract the connections to the secondary IP address. take that addressing information, and use it in calls to lsof to see which process or processes are associated with that socket.

from there the rest is left as an exercise to the reader :) it might involve merging-in some of the other suggestions - grepping through logfiles and the like.

there is no rest for the wicked yet the virtuous have no pillows
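
The script Ron Kinner describes and the netstat-then-lsof step rick jones suggests, combined into one added example (not code from any poster in this thread). It assumes netstat -an prints local and foreign addresses as address.port in columns 4 and 5, as the ".23" form mentioned above implies; the function names, the 192.0.2.20 secondary address and the sample data are constructed for illustration. Matching the local address column exactly avoids the false hits a plain grep gives when the same address appears as a foreign address or as a prefix of another one.

```shell
#!/bin/sh
# Usage on the host: netstat -an | conns_to_ip <secondary-ip> /etc/services
conns_to_ip() {
    awk -v ip="$1" '
    NR == FNR {                        # first file: services (name port/proto)
        sub(/#.*/, "")                 # drop trailing comments
        if ($2 ~ /\/tcp$/) {
            split($2, p, "/")
            if (!(p[1] in name)) name[p[1]] = $1
        }
        next
    }
    $1 !~ /^tcp/ || $6 == "LISTEN" { next }   # keep TCP connections only
    {
        # addr.port layout: the port is whatever follows the last dot
        laddr = $4; sub(/\.[^.]*$/, "", laddr)
        lport = $4; sub(/.*\./, "", lport)
        if (laddr != ip) next          # exact match on the LOCAL address
        raddr = $5; sub(/\.[^.]*$/, "", raddr)
        rport = $5; sub(/.*\./, "", rport)
        svc = (lport in name) ? name[lport] : "-"
        print lport, svc, raddr, rport, $6
    }' "$2" -
}

# Ask lsof (installed separately) which process holds a given local socket.
socket_owner() { lsof -n -P -i "TCP@$1:$2"; }

# Constructed sample data; 192.0.2.10 plays the primary, 192.0.2.20 the secondary.
sample_netstat() { cat <<'EOF'
tcp        0      0  192.0.2.10.23          198.51.100.7.4818      ESTABLISHED
tcp        0      0  192.0.2.20.23          198.51.100.7.4821      ESTABLISHED
tcp        0      0  192.0.2.20.1521        198.51.100.9.4836      ESTABLISHED
tcp        0      0  192.0.2.20.1521        *.*                    LISTEN
EOF
}
sample_services() { cat <<'EOF'
telnet        23/tcp      # constructed entry
EOF
}

demo() {
    tmp=${TMPDIR:-/tmp}/services.$$
    sample_services > "$tmp"
    sample_netstat | conns_to_ip 192.0.2.20 "$tmp"
    rm -f "$tmp"
}
demo
```

Each output line is local port, service name (or "-" when the port is not in the services file), foreign address, foreign port and state; feed the secondary address and a local port to socket_owner to get the owning process.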