All of lore.kernel.org
 help / color / mirror / Atom feed
* Filternig/logging by the exe name ?
@ 2007-02-10 15:50 Yakov Lerner
  2007-02-12 17:39 ` Jan Engelhardt
  0 siblings, 1 reply; 3+ messages in thread
From: Yakov Lerner @ 2007-02-10 15:50 UTC (permalink / raw)
  To: netfilter

Which filter allows me to filter/log by the name of the executable ?
Can I log the name of the executable [that was the sender or
receiver of the packet/connection], using such module ?
(talking about outgoing connection, in this case)

Thanks
Yakov


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Filternig/logging by the exe name ?
  2007-02-10 15:50 Filternig/logging by the exe name ? Yakov Lerner
@ 2007-02-12 17:39 ` Jan Engelhardt
  2007-02-13  0:29   ` Yakov Lerner
  0 siblings, 1 reply; 3+ messages in thread
From: Jan Engelhardt @ 2007-02-12 17:39 UTC (permalink / raw)
  To: Yakov Lerner; +Cc: netfilter

Hi,

On Feb 10 2007 17:50, Yakov Lerner wrote:
>
> Which filter allows me to filter/log by the name of the executable ?
> Can I log the name of the executable [that was the sender or
> receiver of the packet/connection], using such module ?
> (talking about outgoing connection, in this case)

Consider the case where there is no process executable attached to a 
socket.


Jan
-- 
ft: http://freshmeat.net/p/chaostables/


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Filternig/logging by the exe name ?
  2007-02-12 17:39 ` Jan Engelhardt
@ 2007-02-13  0:29   ` Yakov Lerner
  0 siblings, 0 replies; 3+ messages in thread
From: Yakov Lerner @ 2007-02-13  0:29 UTC (permalink / raw)
  To: Jan Engelhardt, netfilter

On 2/12/07, Jan Engelhardt <jengelh@linux01.gwdg.de> wrote:
> Hi,
>
> On Feb 10 2007 17:50, Yakov Lerner wrote:
> >
> > Which filter allows me to filter/log by the name of the executable ?
> > Can I log the name of the executable [that was the sender or
> > receiver of the packet/connection], using such module ?
> > (talking about outgoing connection, in this case)
>
> Consider the case where there is no process executable attached to a
> socket.

Empty string would be reasonable representation of the process name in
such case, no ?
How common are sockets without process attached ?

Yakov


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-02-13  0:29 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-02-10 15:50 Filternig/logging by the exe name ? Yakov Lerner
2007-02-12 17:39 ` Jan Engelhardt
2007-02-13  0:29   ` Yakov Lerner

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.