> I suppose you could use tcpdump on a separate system with a mirrored switch
> port and have it log TCP SYN and FIN packets on port 5432 to your database
> server only. Keeps all I/O off your database server.
> tcpdump -w port5423.log -n "tcp and port 5432 and tcp[tcpflags] &
> (tcp-syn|tcp-fin) != 0 and host IP"
That's an excellent idea, but note that this will also log
unsuccessful connection attempts (that is, successful TCP connections
that fail PostgreSQL authentication) without much of a way to
distinguish the two, especially if the connections are encrypted.
---
Maciek Sakrejda | System Architect | Truviso
1065 E. Hillsdale Blvd., Suite 215
Foster City, CA 94404
(650) 242-3500 Main
www.truviso.com