check what was IP address of the user in logs

How to do...

check what was IP address of the user in logs

Postby bischop » Wed Jan 11, 2017 1:29 am

I want to check what was IP address of the user with nick 'NICK-NAME" who connected to mumble-serwer. Is it possible somehow on mumble serwer logs or raspberry pi system ?

Code: Select all
# uname -a
Linux raspberrypi 4.4.34-v7+ #930 SMP Wed Nov 23 15:20:41 GMT 2016 armv7l GNU/Linux

# lsb_release -a
No LSB modules are available.
Distributor ID: Raspbian
Description:    Raspbian GNU/Linux 8.0 (jessie)
Release:        8.0
Codename:       jessie


Code: Select all
# /usr/sbin/murmurd -version
<F>2017-01-11 01:18:38.861 /usr/sbin/murmurd -- 1.2.8-2
bischop
 
Posts: 4
Joined: Tue Jan 10, 2017 10:32 pm

Re: check what was IP address of the user in logs

Postby fwaggle » Sat Jan 21, 2017 11:19 am

Sort of - it's not exactly intuitive. Mumble's logs will look something like this:

2017-01-20 22:00 <71:(-1)> New connection: 123.123.123.123:56584
2017-01-20 22:00 <71:(-1)> Client version 1.2.9 (Win: 1.2.9)
2017-01-20 22:00 <71:JoeUser(42)> Authenticated


The first bit after the timestamp is in the format of <connection_id:username(user_id)>. 71 is the connection ID, with (-1) and a blank username because at this point in time the user isn't authenticated yet. You'll note that on the first line, the IP address and source port of the TCP connection are logged.

Later, on line three, the user authenticates. We see the tag switch to username JoeUser and user ID 42.

So what you need to do if you want to know what IP address someone joined from is to go through the logs and look for the username, look for the connection ID, then look from where that connection ID originally connected and you'll find the IP address.
Full disclosure: I run a semi-commercial Mumble host, and my opinions do not reflect the opinions of the Mumble project.
Avatar is stolen from here
User avatar
fwaggle
Team member
Team member
 
Posts: 212
Joined: Tue Oct 06, 2009 10:40 pm
Location: Australia

Re: check what was IP address of the user in logs

Postby bischop » Fri Mar 03, 2017 9:39 pm

I want to check what was IP address of the user with nick 'NICK-NAME" who connected to mumble-serwer.


Try this:

Code: Select all
cat /var/log/mumble-server/mumble-server.log | grep 'NICK-NAME' -n -B 4 -m 1 | grep 'New connection:' -m 1 | awk '{print $NF}'



All you need to do to search logs are learn how to use linux command with parameters. For exmaple start to learn (google) about those on the begining:
    cat
    grep
    awk
    sed

As well try to learn about regExp patterns. You will need it for little more complicated nick names and filtering results.
bischop
 
Posts: 4
Joined: Tue Jan 10, 2017 10:32 pm


Return to Usage

Who is online

Users browsing this forum: No registered users and 2 guests

cron