Logging connections to inetd services


When a Solaris server is configured to support network services, it is valuable to know which clients are connecting to these services. If the network service is controlled by inetd(1m), each connection can be logged by setting ENABLE_CONNECTION_LOGGING to “YES” in the /etc/default/inetd configuration file:

$ grep ENABLE_CONNECTION_LOGGING /etc/default/inetd
ENABLE_CONNECTION_LOGGING=YES

If you are using Solaris 10, you can also use the new inetadm(1m) utility's “-M” (change the values of the specified inetd default properties) option to enable connection logging:

$ inetadm -M tcp_trace=true

This will enable connection logging for all inetd-based services, and is identical to setting “ENABLE_CONNECTION_LOGGING=YES” in the /etc/default/inetd configuration file. If you are using Solaris 10, you can verify that connection logging is enabled by checking for “tcp_trace=TRUE” in the inetadm(1m) “-p” (lists all default inet service property values provided by inetd in the form of name=value pairs) output:

$ inetadm -p

NAME=VALUE
bind_addr=""
bind_fail_max=-1
bind_fail_interval=-1
max_con_rate=-1
max_copies=-1
con_rate_offline=-1
failrate_cnt=40
failrate_interval=60
inherit_env=TRUE
tcp_trace=TRUE
tcp_wrappers=FALSE

Once connection logging is enabled, a system logfile entry similar to the following will be created for each new connection:

Oct 15 17:05:12 tigger inetd[228]: [ID 317013 daemon.notice] imaps[16566] from 192.168.1.8 53935

This lists the IP address, TCP source port, and the service (imaps in this example) the client tried to connect to. Connection logging is some good stuff!
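To turn these entries into a per-service, per-client connection count, the following added example (not part of the original post) parses the log format shown above. The function names, the AWK variable and the sample log lines are constructed for illustration; set AWK=nawk on Solaris, where the stock awk lacks sub().

```shell
#!/bin/sh
# Added example: count inetd connection-trace entries per service and client.
# Reads syslog lines on stdin, prints "count service client_ip", busiest first.

summarize_inetd_connections() {
    "${AWK:-awk}" '
    # Only lines written by inetd itself, e.g. "inetd[228]:" in field 5.
    $5 ~ /^inetd\[[0-9]+\]:$/ {
        # Locate "service[pid] from ip port" wherever it falls on the line,
        # so a differently formatted message-ID block does not matter.
        for (i = 7; i < NF; i++)
            if ($i == "from" && $(i - 1) ~ /\[[0-9]+\]$/) {
                svc = $(i - 1)
                sub(/\[[0-9]+\]$/, "", svc)   # strip the "[pid]" suffix
                seen[svc " " $(i + 1)]++      # key: "service client_ip"
                next
            }
    }
    END { for (k in seen) print seen[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# Constructed sample input (not real log data); the sshd line must be ignored.
sample_log() {
    cat <<'EOF'
Oct 15 17:05:12 tigger inetd[228]: [ID 317013 daemon.notice] imaps[16566] from 192.168.1.8 53935
Oct 15 17:06:40 tigger inetd[228]: [ID 317013 daemon.notice] imaps[16570] from 192.168.1.8 53941
Oct 15 17:07:02 tigger inetd[228]: [ID 317013 daemon.notice] ftp[16581] from 192.168.1.20 40112
Oct 15 17:07:30 tigger sshd[901]: Accepted publickey for matty from 192.168.1.8 port 53950 ssh2
Oct 15 17:08:15 tigger inetd[228]: [ID 317013 daemon.notice] imaps[16590] from 192.168.1.20 41007
EOF
}

sample_log | summarize_inetd_connections
```

On a live system, feed the function the file that receives daemon.notice messages; /var/adm/messages is assumed here as the usual destination, so check /etc/syslog.conf.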

This article was posted by Matty on 2005-10-15 17:23:00 -0400