What I ideally want is to log the cmdline associated with an outbound packet. However, I'm open to suggestions.

What I have is:

    Mar 7 16:30:25 name kernel: [618790.917928] FW: output REJECT IN= OUT=eth1 SRC=1.2.3.4 DST=5.6.7.8 LEN=94 TOS=0x00 PREC=0x00 TTL=64 ID=56030 DF PROTO=UDP SPT=55207 DPT=514 LEN=74

(as one example - I can break out tshark and probably figure out what it is, but I want something more in my logs)

I see this about auditd:
http://serverfault.com/questions/192893/how-i-can-identify-which-process-is-making-udp-traffic-on-linux

Specifically:

    # auditctl -a exit,always -F arch=b64 -F a0=2 -F a1=2 -S socket -k SOCKET

Which isn't telling me what I want to know (or really, doesn't seem to be reporting for each log I'm getting from ipt). Besides, if I've already got an ipt LOG, why should I be using another tool for similar info - this seems wasteful?