Date: Wed, 15 Feb 2006 16:32:36 -0500 From: Aaron Peterson <lloyd.peterson@gmail.com> To: Glenn McCalley <techlist@bnetmd.net> Cc: freebsd-questions@freebsd.org Subject: Re: how to tell what ran what Message-ID: <95550eab0602151332n20ff5e27w1ae17e9e114515b6@mail.gmail.com> In-Reply-To: <002601c6326e$da0fd5a0$6601a8c0@bnetmd.net> References: <005701c63241$dbb3e220$6601a8c0@bnetmd.net> <43F3531E.8080205@cs.tu-berlin.de> <002601c6326e$da0fd5a0$6601a8c0@bnetmd.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2/15/06, Glenn McCalley <techlist@bnetmd.net> wrote: > > ----- Original Message ----- > From: "Bj=F6rn K=F6nig" <bkoenig@cs.tu-berlin.de> > To: "Glenn McCalley" <techlist@bnetmd.net> > Cc: <freebsd-questions@freebsd.org> > Sent: Wednesday, February 15, 2006 11:13 AM > Subject: Re: how to tell what ran what > > > > Glenn McCalley schrieb: > > > > > Is there a way to find out -which- -process- calls another process? > > > > Each process is associated with a parent; look at the ppid column: > > > > ps axo user,pid,ppid,command > > > > Bj=F6rn > > > > > Thanks, I stated the question poorly. My fault. > Is historical info available and is it available by file name? > > I trying to find out (for example) what (unknown) program ran another > (known) program between 0900 and 1000 yesterday - something like that. > > I've got a customer sending our emails that he shouldn't - I don't know > which customer it is. The program that sends the mail is running as a cg= i > so it all shows up as user "nobody". > > If I can get a list of what programs, path and file name, called sendmail > over (say) the last 24 hours, one of them should jump off the page with a= n > unreasonable level of activitiy. > > Thanks! > Glenn. Perhaps I'm missing something, but if a script is being called via CGI it would need to be called by a process running as user "nobody" in your case (like a web server). In which case, you probably will never know who called it, but you might get their IP address from the web server access logs as has already been mentioned... If you have a server with multiple accounts for say, shared web hosting, you should definitely grep through their scripts for something like "mail" to look for the person who installed scripts with mailing functions...=20 anyhow, wish you luck :-) Aaron
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?95550eab0602151332n20ff5e27w1ae17e9e114515b6>