[Samba] Log File Format Changes
Volker Lendecke
Volker.Lendecke at SerNet.DE
Sun Jan 10 03:47:34 MST 2010
On Thu, Jan 07, 2010 at 12:57:02AM -0500, Jimmy Theis wrote:
> I'm considering writing a Python module for parsing file access entries
> from Samba logs. I plan on using regular expressions to do most of this,
> and I'm curious as to whether or not the log format is consistent across
> all versions of Samba. If it isn't, can you please direct me to the
> documentation on any older or alternative formats?
>
> I'm currently using Samba 3.0.33 (RedHat), which outputs entries like this:
>
> =====================================================================
> [2010/01/05 17:38:52, 2] smbd/open.c:open_file(391)
> admin opened file welcome.txt read=Yes write=No (numopen=4)
> [2010/01/05 17:38:52, 2] smbd/close.c:close_normal_file(406)
> admin closed file welcome.txt (numopen=3) NT_STATUS_OK
> =====================================================================
You might want to look at the full_audit VFS module. The
format there can be defined by smb.conf settings. The debug
output is not standardized in any way.
Volker
More information about the samba
mailing list