> > To get more specific about what's going on. My network services have > informed me that the machine is probing other systems at a high rate. An > infection of some sort. And I'm trying to track down what's going on. > The LOG target lets you display the user id of the process I believe, but not the PID. There might be some iptables extensions out there that would do what you're looking for. Don't know them off the top of my head however. Alternately, perhaps you could use SELinux for this? I know its audit logs would give you the level of detail you're looking for, but getting the policy written for it might be challenging. Ray