Determine which user started tcp connection

Terje Elde terje at
Sun Nov 29 20:03:11 UTC 2015

> On 29 Nov 2015, at 16:15, Artem Kuchin <artem at> wrote:
> I have a jail with shared hosting. Many sites are hosted. Each on its own user.
> I want to monitor their external connections. I allow external connections but want to
> see what's going  on.
> IPFW allowes easily to see all outgoing connection setups from jail, but i cannot
> see which user started it.
> I googled and i see that requests to add UID to IPFW log were first in 2008 but
> i still do not see it in the version 10.
> So, is there a way to log UID and connection params  (dst ip and port) ?

pflog can give you that.

It can give you pid as well, and combined with audit-logging, that could give you the program that’s causing it, not just the user.


More information about the freebsd-questions mailing list