Re: Logging the source port?

Joel Jaeggli <joelja@bogus.com> Fri, 13 November 2009 05:59 UTC


common log format doesn't capture that information...

http://onlamp.com/pub/a/apache/2004/04/22/blackbox_logs.html?page=3

that said, if the A-P or PAT box which isn't under your control in all
likelihood anyway doesn't log the association of internal devices to
external ports then knowing the source port may not tell you that much
about which client you're talking to...

joel

Stephane Bortzmeyer wrote:
> At the Transport Area meeting, Alain Durand, presenting
> draft-ford-shared-addressing-issues mentioned that we may well have
> now to always log the source port of a TCP request, not only the
> source IP address (which may well be shared), if we want traceability.
> 
> Does anyone know if it is possible with the typical TCP servers? For
> instance, I find no way to do it with Apache
> <http://httpd.apache.org/docs/2.2/mod/mod_log_config.html>.
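
The two points made in this thread, as an added example that is not part of the original messages: a server log line that records the client port can be resolved to one subscriber behind a shared address, but only when the operator of the PAT box keeps a mapping log covering that port and time. The log layout (address and port joined by a colon), the mapping-log fields, and all addresses and names below are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed access-log lines: Common Log Format with the client port
# appended to the address (an assumed layout, not a standard one).
ACCESS_LOG = """\
198.51.100.7:40112 - - [13/Nov/2009:05:59:01 +0000] "GET /a HTTP/1.1" 200 512
198.51.100.7:51034 - - [13/Nov/2009:05:59:03 +0000] "GET /b HTTP/1.1" 200 734
198.51.100.7:61999 - - [13/Nov/2009:05:59:05 +0000] "GET /c HTTP/1.1" 404 120
"""

# Constructed mapping log kept by the address-sharing operator (times in UTC):
# (external IP, first port, last port, lease start, lease end, internal host)
PAT_LOG = [
    ("198.51.100.7", 40000, 44095, "2009-11-13T05:00:00", "2009-11-13T07:00:00", "10.0.0.21"),
    ("198.51.100.7", 50000, 54095, "2009-11-13T05:00:00", "2009-11-13T05:59:02", "10.0.0.35"),
    ("198.51.100.7", 50000, 54095, "2009-11-13T05:59:02", "2009-11-13T07:00:00", "10.0.0.48"),
]

LINE = re.compile(r'^(?P<ip>[\d.]+):(?P<port>\d+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')

def parse_access(text):
    """Yield (ip, port, timestamp, request) for each line that matches LINE."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], int(m["port"]), ts, m["req"]

def _utc(s):
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)

def candidates(ip, port, ts, pat_log=PAT_LOG):
    """Internal hosts that could have sent the request.
    port=None models a server log that recorded only the source address."""
    return sorted({host for ext, lo, hi, start, end, host in pat_log
                   if ext == ip and _utc(start) <= ts < _utc(end)
                   and (port is None or lo <= port <= hi)})

def trace(text=ACCESS_LOG):
    """Per request: (request, candidates using the port, candidates using the IP only)."""
    return [(req, candidates(ip, port, ts), candidates(ip, None, ts))
            for ip, port, ts, req in parse_access(text)]

if __name__ == "__main__":
    for req, with_port, ip_only in trace():
        print(f"{req!r}: with port -> {with_port}; IP only -> {ip_only}")
```

The third request uses a port no mapping entry covers, so it resolves to nobody even though the port was logged; the second shows why the timestamp has to be precise when a port range is reassigned.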