HPE Community
Operating System - HP-UX
1824988 Members
2058 Online
109678 Solutions
New Discussion юеВ

History list if IP address connected to hp-ux server

 
Jimmy Aulestia_2
Frequent Advisor

тАО11-20-2006 01:27 AM

тАО11-20-2006 01:27 AM

History list if IP address connected to hp-ux server

Can i get the list of ip addres connected to hp-ux server?

The files btmp and utmp give me the logins, but there are aplications or servers that open ports whitout login.

netstat -an give the runnig connections, but Can i know all ips that connected in a day, week, etc?

Thanks


Jimmy
0 Kudos
11 REPLIES 11
Steven E. Protter
Exalted Contributor

тАО11-20-2006 01:42 AM

тАО11-20-2006 01:42 AM

Re: History list if IP address connected to hp-ux server

Shalom,

last -R

Shows IP addresses otherwise you are parsing /var/adm/syslog/syslog.log

inetd -l enhances logging and can give you moreinformation in the future.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Coolmar
Esteemed Contributor

тАО11-20-2006 01:57 AM

тАО11-20-2006 01:57 AM

Re: History list if IP address connected to hp-ux server

last -R should give you what you are looking for...it gives the full hostname...which may not necessarily be the IP address if you specifically want that. We have DNS running and therefore when I type last -R I get the hostname.FQDN (Fully qualified domain name).
0 Kudos
Jimmy Aulestia_2
Frequent Advisor

тАО11-20-2006 03:45 AM

тАО11-20-2006 03:45 AM

Re: History list if IP address connected to hp-ux server

last -R give the logins an logout, but some aplications connect to the server without login, for example connections to oracle.

Some connection don't login to the operating sistem and the last -R don't save them.

I need to know all server or pc that have been connected to hp-ux server.

Jimmy
0 Kudos
spex
Honored Contributor

тАО11-20-2006 03:52 AM

тАО11-20-2006 03:52 AM

Re: History list if IP address connected to hp-ux server

Hi,

# netstat -an | grep 'ESTABLISHED$'

PCS
0 Kudos
Bill Hassell
Honored Contributor

тАО11-20-2006 04:09 AM

тАО11-20-2006 04:09 AM

Re: History list if IP address connected to hp-ux server

This is a LOT more complicated (and extensive) than it sounds. You have to define what you mean by connected. Does it include every ping test? Does it include NFS or CIFS/Samba connections? How about remote printing? Perhaps NTP for time keeping? Oracle database connections? ssh/scp/sftp, remote shells, ftp, web pages, DHCP, DNS, LDAP, NIS, remote syslog...well, you get the picture. What you really want is a network trace and summary, something like nettl on HP-UX or Wireshark (aka, Ethereal) on HP-UX or a PC. Be prepared for VERY large logfiles and a *LOT* of work to summarize the connections.

If this is a production system and there are questions about security, start by (download) running Bastille to close off unused ports. This makes the logs a lot smaller and takes you to the goal of a reliable, secure system.


Bill Hassell, sysadmin
0 Kudos
Jimmy Aulestia_2
Frequent Advisor

тАО11-20-2006 06:15 AM

тАО11-20-2006 06:15 AM

Re: History list if IP address connected to hp-ux server

I need all connection, SAMBA, nfs, ping, etc.

The ESTABLISHED connections don├В┬┤t give the informati├Г┬│n of the past connection.

What is the correct option or flag of nettl command for check the ip address? the manual is not clear.

Thanks
Jimmy
0 Kudos
rick jones
Honored Contributor

тАО11-20-2006 12:58 PM

тАО11-20-2006 12:58 PM

Re: History list if IP address connected to hp-ux server

If you need an absolute list, the some form of ipfilter logging will be required. I don't know the specifics, but I am certain the docs at docs.hp.com will discuss it.

There would be ways I suspect to use nettl or tcpdump, but I suspect that the ipfilter logging might be "better" for some definition of better.

Otherwise, if you were to have a script that periodically looked at the IP IRE hash table (IIRC that is the thing) with ndd you would be able to find those IP's at that snapshot to which we've send traffic. If you look more frequenty than the ire_flush interval (peruse ndd -h and/or ndd /dev/ip ?) and are good at "merging" you could arrive at a list of the IPs with which the system has communicated. However, that would not tell you anything more than the IP's - it would not tell you which protocols to which IP.
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Yogeeraj_1
Honored Contributor

тАО11-20-2006 04:09 PM

тАО11-20-2006 04:09 PM

Re: History list if IP address connected to hp-ux server

hi Jimmy,


for the Oracle connections, you can verify your $ORACLE_HOME/network/log/listener.log

e.g.

grep HOST $ORACLE_HOME/network/log/listener.log


hope this helps too!


kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Yogeeraj_1
Honored Contributor

тАО11-20-2006 04:12 PM

тАО11-20-2006 04:12 PM

Re: History list if IP address connected to hp-ux server

hi again,

You can also get the IP Addressed of clients connecting through your Apache Web Server by verifying the "access_log" file

hope this helps too!

kind regards
yogeeraj

No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Biswajit Tripathy
Honored Contributor

тАО11-20-2006 09:16 PM

тАО11-20-2006 09:16 PM

Re: History list if IP address connected to hp-ux server

As Rick Jones suggested, IPFilter can be used.
There is a "log first" keyword combination that
logs initiation of all TCP connections. Likewise,
UDP and ICMP connections can be logged using
additional IPFilter rules.

You could even write scripts (that uses 'ipfstat'
command) that runs periodically and pulls out
all existing connections to/from the system.
To give an example, one such script could run
once in 5 minutes and keep track of all
connections and printout when new connections
are created and old ones are terminated and print
to a file.

- Biswajit
:-)
0 Kudos
Jimmy Aulestia_2
Frequent Advisor

тАО11-22-2006 07:34 AM

тАО11-22-2006 07:34 AM

Re: History list if IP address connected to hp-ux server

I will use ipfilter.

Thanks.
Jimmy
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.