From owner-freebsd-questions@FreeBSD.ORG Wed Feb 15 20:44:37 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A5EB16A424 for ; Wed, 15 Feb 2006 20:44:37 +0000 (GMT) (envelope-from brian@planetshwoop.com) Received: from albright.psys.org (albright.psys.org [64.81.145.160]) by mx1.FreeBSD.org (Postfix) with ESMTP id 684B943D5A for ; Wed, 15 Feb 2006 20:44:36 +0000 (GMT) (envelope-from brian@planetshwoop.com) Received: from psys.org ([209.242.32.214] helo=webmail.psys.org ident=807f9df0070a8c419a320b9262440d9d) by albright.psys.org with esmtp (Exim 4.60) (envelope-from ) id 1F9TVq-0006wk-P1; Wed, 15 Feb 2006 14:44:34 -0600 Received: from 4.17.250.5 (SquirrelMail authenticated user brian) by webmail.psys.org with HTTP; Wed, 15 Feb 2006 14:44:34 -0600 (CST) Message-ID: <46981.4.17.250.5.1140036274.squirrel@webmail.psys.org> In-Reply-To: <002601c6326e$da0fd5a0$6601a8c0@bnetmd.net> References: <005701c63241$dbb3e220$6601a8c0@bnetmd.net> <43F3531E.8080205@cs.tu-berlin.de> <002601c6326e$da0fd5a0$6601a8c0@bnetmd.net> Date: Wed, 15 Feb 2006 14:44:34 -0600 (CST) From: "Brian Sobolak" To: "Glenn McCalley" User-Agent: SquirrelMail/1.4.5 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Cc: freebsd-questions@freebsd.org Subject: Re: how to tell what ran what X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: brian@planetshwoop.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Feb 2006 20:44:37 -0000 Glenn McCalley wrote: > > ----- Original Message ----- > From: "Björn König" > To: "Glenn McCalley" > Cc: > Sent: Wednesday, February 15, 2006 11:13 AM > Subject: Re: how to tell what ran what > > >> Glenn McCalley schrieb: >> >> > Is there a way to find out -which- -process- calls another process? >> >> Each process is associated with a parent; look at the ppid column: >> >> ps axo user,pid,ppid,command >> >> Björn >> >> > Thanks, I stated the question poorly. My fault. > Is historical info available and is it available by file name? > > I trying to find out (for example) what (unknown) program ran another > (known) program between 0900 and 1000 yesterday - something like that. > > I've got a customer sending our emails that he shouldn't - I don't know > which customer it is. The program that sends the mail is running as a cgi > so it all shows up as user "nobody". > > If I can get a list of what programs, path and file name, called sendmail > over (say) the last 24 hours, one of them should jump off the page with an > unreasonable level of activitiy. > The web server logs don't tell you anything in the URL data? A CGI script usually has some parameters which might provide some assistance. brian -- Brian Sobolak http://www.planetshwoop.com/