
OSM

Posted: 22 Nov 2019, 17:08
by kernow
Couldn't find a specific forum for OSM so posting here.
Hi, you installed OSM for us as part of the cPanel services a few months ago. OSM has now sent us a mail report but does not say who the user account sending the mail is or what directory the mail script originated from. Are we missing something? Example:
WHM Report URL:
https://our-domain-name:2087/cgi/config ... 74438624_1

Report Date:

Fri Nov 22 16:03:44 2019

Report Message:

User logged 618 packet events in the last 300 seconds (Trigger Level 1 count = 100 for )


Report Actions:

Actions (email,store):

Email sent to root

Report data stored in /etc/osm/reports/report_1574438624_1


Report Settings Trigger:

default:trigger1:packet


Sample of Events (restricted to 5):
Event ID packet_1574438467_143
dst xxxxxxxxxx
src xxxxxxxxx
time Fri Nov 22 16:01:07 2019
type packet

Re: OSM

Posted: 09 Sep 2021, 17:54
by Captain WInters
Hello,

This exact problem is happening to us, and considering there is no OSM section and only 10-20 OSM posts total across all boards, I thought it might be most prudent to add to the previously-existing thread on the matter.

Showing which user sent the e-mail and via what script is essentially the core feature of OSM. For that to be missing by design seems wrong, so I hope the user above and I are missing something here.

Does anyone happen to have experience with this issue and resolving it?

Re: OSM

Posted: 09 Sep 2021, 21:14
by Sarah
Osm cannot always detect the user associated with the packet activity. Osm uses pcap to detect outgoing connections with a destination port 25. Osm then looks it up in the /proc/net/tcp and /proc/net/tcp6 connection kernel files. If the connection is still active, it will get the user from that file. If the connection is no longer active, it cannot report a user for the packet/connection. When the user is not reported, it can be assumed that the connection was no longer active when osm looked up the connection in the connection files.
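
The lookup described in the reply above, as an added example that is not part of the thread and not OSM's own code: it parses a table in the /proc/net/tcp layout and returns the owning UID for a connection, or nothing when the socket has already closed. The function names and the sample table are constructed for illustration, and the address decoding assumes a little-endian host.

```python
import ipaddress

# Constructed sample in the /proc/net/tcp layout (not taken from a real host).
# Columns: sl local rem st tx:rx tr:when retrnsmt uid timeout inode ...
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0500000A:C350 190200C0:0019 01 00000000:00000000 00:00000000 00000000  1001        0 22222 1 0000000000000000 20 4 30 10 -1
"""

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (ip_address, port); works for tcp and tcp6 rows."""
    addr_hex, port_hex = field.split(":")
    raw = bytes.fromhex(addr_hex)
    # The kernel prints each 32-bit word in host byte order; undo that per word.
    fixed = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    return ipaddress.ip_address(fixed), int(port_hex, 16)

def parse_table(text):
    """Map (src_ip, src_port, dst_ip, dst_port) -> uid for every socket row."""
    table = {}
    for line in text.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) < 8:
            continue
        src, dst = decode_endpoint(cols[1]), decode_endpoint(cols[2])
        table[src + dst] = int(cols[7])  # column 7 is the owning uid
    return table

def uid_for_packet(table, src_ip, src_port, dst_ip, dst_port):
    """Return the uid owning the connection, or None if it is no longer listed."""
    key = (ipaddress.ip_address(src_ip), src_port,
           ipaddress.ip_address(dst_ip), dst_port)
    return table.get(key)

if __name__ == "__main__":
    table = parse_table(SAMPLE_PROC_NET_TCP)
    # Connection still open when the lookup runs: the uid is available.
    print(uid_for_packet(table, "10.0.0.5", 50000, "192.0.2.25", 25))
    # Connection already closed: no row, so no user can be reported.
    print(uid_for_packet(table, "10.0.0.5", 50001, "192.0.2.25", 25))
```

A short-lived SMTP connection that closes between packet capture and the table read produces the second case, which matches the empty user field in the report quoted in the first post.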