I would just like to log all running services which have been "ESTABLISHED". May I know how to do it? Please advise how to write such a script.
Which kind of service? If you are using iptables or netstat or tcpdump then you are only tracking the state of the TCP (presumably not UDP) connection at layer 4 aka the transport layer and not the service itself which would be layer 7 aka the application layer.
Code:
netstat -tan | fgrep ESTABLISHED | while read _ _ _ From To _; do echo "$From $To"; done
Thanks for your advice, your script may work. If I would like to know the details of established services over a period of time (past and future), e.g. from 2018-10-01 to 2018-12-31, is it possible?
Unless you have logged everything between 2018-10-01 and 2018-12-31, what is past is gone.
In particular, the ESTABLISHED state as discussed here is a property defined by netfilter/iptables and is derived by netstat from the current state of kernel network processes. For non-TCP connections the ESTABLISHED state is entirely a fabrication of netfilter/iptables, so the only way to log that really would be to add an appropriate rule similar to this...
Code:
IPTABLES -A CHAINNAME -m conntrack --ctstate ESTABLISHED -j LOGGER options
...where CHAINNAME is where you want to place the rule, usually INPUT or OUTPUT, and LOGGER is the logging facility you want to use (probably LOG, NFLOG or ULOGD, each with appropriate optional arguments).
Last edited by astrogeek; 12-05-2018 at 09:24 PM.
Reason: more complete
If the past is gone, what can I do if I start to log the information from now?
If the past information cannot be retrieved, how do I start to log the information from now?
Your thread title How to log all ESTABLISHED connection, and original question...
Quote:
Originally Posted by catiewong
If I would like to know what services have been "ESTABLISHED", their incoming IP etc. information that has been running / connected to the server.
I would just like to log all running services which have been "ESTABLISHED". May I know how to do it? Please advise how to write such a script.
And when asked about whether you need only TCP connections or other such as UDP, you replied...
Quote:
Originally Posted by catiewong
All services are established.
...I take to mean you want to log all connections which pass through the ESTABLISHED state.
To do that you will need an iptables rule because UDP, ICMP, SCTP and potentially other protocols exist in the ESTABLISHED state only in netfilter/iptables context.
I gave an example of an iptables rule that you can adapt for that, but you will need to decide how you want to log those and configure the corresponding logging target.
You can begin to learn how to do that by looking at the man pages for iptables-extensions and ulogd, and searching for resources online.
If you need more help here, or if this does not seem to do what you need, it will be very helpful if you can try to explain very clearly just what your actual goal is.
Last edited by astrogeek; 12-06-2018 at 01:30 AM.
Reason: typos, clarity
As I will migrate this server to another server, I need to know what services are in use on it so that I can set up those services on the new server.
Therefore, I would like to know all services that have been running on it.
Ahh.
Code:
netstat -tnlp
will show you all services that are listening.
Those are the services you'd need to set up on the new server...
Looking at/for ESTABLISHED connections will only tell you which services are being used at the time you take a snapshot. Theoretically that might (probably will) be a subset of the services you need to set up.
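An added example, not part of the thread: a small script that combines the two views discussed above for a migration inventory, listing every listening TCP port with its program and counting how many ESTABLISHED connections hit that port in a snapshot. The function names and the sample netstat output are constructed for illustration; outbound connections (ephemeral local port) are ignored because their local port is not a listening port.

```shell
# Constructed sample of `netstat -tnlp` output (documentation address ranges).
sample_listen() { cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1044/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      977/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd
EOF
}

# Constructed sample of `netstat -tan` output taken at one moment.
sample_conns() { cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.8:40022      ESTABLISHED
tcp        0      0 192.0.2.10:44812        203.0.113.5:443         ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51600 TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.9:33210 ESTABLISHED
EOF
}

# service_usage LISTEN_FILE CONN_FILE
# Prints "port program established_count" for every listening TCP port.
service_usage() {
    awk '
        function port(addr) { sub(/.*:/, "", addr); return addr }
        FNR == NR {                      # first file: netstat -tnlp output
            if ($6 == "LISTEN") { split($7, p, "/"); prog[port($4)] = p[2] }
            next
        }
        # second file: count only connections whose local port is a listener
        $6 == "ESTABLISHED" && (port($4) in prog) { n[port($4)]++ }
        END { for (k in prog) printf "%s %s %d\n", k, prog[k], n[k] }
    ' "$1" "$2" | sort -n
}

# Demo on the constructed samples.
dir=$(mktemp -d); sample_listen > "$dir/listen"; sample_conns > "$dir/conns"
service_usage "$dir/listen" "$dir/conns"; rm -r "$dir"
```

On a real host, feed it the saved output of `netstat -tnlp` (run as root so every program name is shown) and of `netstat -tan`. A port that reports 0 is still a service that has to be set up on the new server; it was simply idle when the snapshot was taken.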