tcplog(4) CLIX tcplog(4)
NAME
tcp_log - TCP/IP activity log file
DESCRIPTION
The /usr/adm/tcp_log file is the log file for the TCP/IP log utility,
which monitors incoming requests for connections to the ftpd, telnetd,
rlogind, rshd, and rexecd network services. The log file is created when
the log utility is started (refer to log(8)).
The /usr/adm/tcp_log file also contains information on whether the
connection requests were allowed or refused. This information comes from
the tcpd server, which is invoked by the log utility. The tcpd server
reads the /etc/hosts.allow and /etc/hosts.deny files to determine which
network services and remote clients should be granted or denied permission
to access the local network services.
The format of the entries in the /usr/adm/tcp_log file is as follows:
     date time local_host net_service[pid]: message remote_client

These elements are described as follows:

     date      The date of the connection attempt.

     time      The time of the connection attempt.

     local_host
               The name of the host to which the connection attempt was made.

     net_service[pid]
               The network service being requested and the PID of that daemon.

     message   Error and connection information.

     remote_client
               The name of the remote client making the request.
EXAMPLES
1. This example of a line from a /usr/adm/tcp_log file shows a connection
request was made to the host "gator" for an rlogin connection from the
host "cubbies.b35.inc.com," and that the connection was allowed:
Feb 3 10:19:41 gator rlogind[9456]: connect from cubbies.b35.inc.com
2. This example shows a connection request made to "gator" for a telnet
connection from the host "minnow.b9a.inc.com" that was allowed:
Feb 3 15:25:00 gator telnetd[9679]: connect from minnow.b9a.inc.com
3. This example shows a connection request made to "gator" for an rlogin
connection from the host "mojo." This connection was denied, probably
because the requesting client is denied access to an rlogin connection
in the /etc/hosts.deny file:
Feb 4 09:10:56 gator rlogind[9544]: connect from mojo.pro1.abc.com
Feb 4 09:10:56 gator rlogind[9544]: refused connect from mojo.pro1.abc.com
4. This example shows that a connection request was made to the host
"tigers" for an ftp connection from the host "ted.braves.atl.com."
Because of an error in the /etc/hosts.deny file, the rules for denying
connections could not be determined, so the connection was granted and
an error message was logged:
Feb 3 15:35:48 tigers ftpd[9584]: connect from ted.braves.atl.com
Feb 5 15:35:48 tigers ftpd[9584]: /etc/hosts.deny: malformed entry: "ftpd.ALL"
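The following parser is an added example, not part of the original manual page or the CLIX log utility. It reads entries in the format described above and assigns each connection an outcome, flagging the case from example 4 where access was granted despite a host access file error. It assumes that entries for one connection share the same local_host, net_service, and PID, and that any message other than "connect from" or "refused connect from" is an error message; the function names and outcome labels are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: the six log lines from the EXAMPLES section of this page.
SAMPLE_LOG = """\
Feb 3 10:19:41 gator rlogind[9456]: connect from cubbies.b35.inc.com
Feb 3 15:25:00 gator telnetd[9679]: connect from minnow.b9a.inc.com
Feb 4 09:10:56 gator rlogind[9544]: connect from mojo.pro1.abc.com
Feb 4 09:10:56 gator rlogind[9544]: refused connect from mojo.pro1.abc.com
Feb 3 15:35:48 tigers ftpd[9584]: connect from ted.braves.atl.com
Feb 5 15:35:48 tigers ftpd[9584]: /etc/hosts.deny: malformed entry: "ftpd.ALL"
"""

# Layout: date time local_host net_service[pid]: message [remote_client]
LINE_RE = re.compile(
    r"^(?P<date>\w{3}\s+\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<service>[\w.-]+)\[(?P<pid>\d+)\]:\s+(?P<message>.*)$"
)
CONNECT_RE = re.compile(r"^(?P<refused>refused )?connect from (?P<client>\S+)$")

def parse_line(line):
    """Return a dict for one tcp_log entry, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    c = CONNECT_RE.match(rec["message"])
    # Assumption: anything that is not a connect/refused message is an error.
    rec["kind"] = ("refused" if c.group("refused") else "connect") if c else "error"
    rec["client"] = c.group("client") if c else None
    return rec

def summarize(text):
    """Map (local_host, net_service, pid) to (remote_client, outcome)."""
    groups = defaultdict(list)
    for rec in filter(None, map(parse_line, text.splitlines())):
        groups[(rec["host"], rec["service"], rec["pid"])].append(rec)
    result = {}
    for key, recs in groups.items():
        kinds = {r["kind"] for r in recs}
        client = next((r["client"] for r in recs if r["client"]), None)
        # An error entry with no refusal means access was granted anyway.
        outcome = ("refused" if "refused" in kinds
                   else "allowed_with_error" if "error" in kinds
                   else "allowed")
        result[key] = (client, outcome)
    return result
```

Connections reported as allowed_with_error are the ones to review first, since the rules in /etc/hosts.deny were not applied to them.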
FILES
/etc/hosts.allow
Host access control file listing remote clients and the local
network services to which they are to be granted access.
/etc/hosts.deny
Host access control file listing remote clients and the local
network services to which they are to be denied access.
RELATED INFORMATION
Commands: log(8), tcpd(8)
Files: hosts.allow(4)
2 Intergraph Corporation - 2/94