From owner-freebsd-questions@FreeBSD.ORG Wed Feb 15 21:09:03 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BB67616A422 for ; Wed, 15 Feb 2006 21:09:03 +0000 (GMT) (envelope-from techlist@bnetmd.net) Received: from ns1.bnetmd.net (ns1.BNETMD.NET [216.133.66.171]) by mx1.FreeBSD.org (Postfix) with ESMTP id 560BD43D48 for ; Wed, 15 Feb 2006 21:09:03 +0000 (GMT) (envelope-from techlist@bnetmd.net) Received: from glenn (c-68-34-37-204.hsd1.md.comcast.net [68.34.37.204]) by ns1.bnetmd.net (8.13.1/8.13.1) with SMTP id k1FL8PwW055668 for ; Wed, 15 Feb 2006 16:08:32 -0500 (EST) (envelope-from techlist@bnetmd.net) Message-ID: <002d01c63274$639f0980$6601a8c0@bnetmd.net> From: "Glenn McCalley" To: References: <005701c63241$dbb3e220$6601a8c0@bnetmd.net> <43F3531E.8080205@cs.tu-berlin.de> <002601c6326e$da0fd5a0$6601a8c0@bnetmd.net> <46981.4.17.250.5.1140036274.squirrel@webmail.psys.org> Date: Wed, 15 Feb 2006 16:11:25 -0500 Organization: Business.Net LLC MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1437 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 Subject: Re: how to tell what ran what X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Glenn McCalley List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Feb 2006 21:09:03 -0000 > > > > > >> Glenn McCalley schrieb: > >> > >> > Is there a way to find out -which- -process- calls another process? > >> > >> Each process is associated with a parent; look at the ppid column: > >> > >> ps axo user,pid,ppid,command > >> > >> Björn > >> > >> > > Thanks, I stated the question poorly. My fault. > > Is historical info available and is it available by file name? > > > > I trying to find out (for example) what (unknown) program ran another > > (known) program between 0900 and 1000 yesterday - something like that. > > > > I've got a customer sending our emails that he shouldn't - I don't know > > which customer it is. The program that sends the mail is running as a cgi > > so it all shows up as user "nobody". > > > > If I can get a list of what programs, path and file name, called sendmail > > over (say) the last 24 hours, one of them should jump off the page with an > > unreasonable level of activitiy. > > > > The web server logs don't tell you anything in the URL data? A CGI script > usually has some parameters which might provide some assistance. > > brian > > > -- > Brian Sobolak > http://www.planetshwoop.com/ > > Thanks Brian, that's already tonights project to run through those logs and see if anything jumps out there. What I think he might be doing is either POSTing the parameters (which won't show up) or he's loaded a file of email addresses and just triggers the mailer with a simple cgi request. Either way he's got to be calling sendmail or mail to get it out the door I believe. Thanks! Glenn.