event auditing (was Re: Logging failed)
thwartedefforts at wonky.org
thwartedefforts at wonky.org
Wed Dec 23 17:28:33 GMT 1998
On Wed, 23 December 1998, "Dan \"Effugas\" Kaminsky" wrote:
> More necessary, IMHO, is a way for SAMBA to log file operations. No, not
> like the debug logs, I mean like web logs. Win95/NT finally has this
> ability with NetWatcher Pro; I think Samba should too. While there are
> issues with what exactly constitutes a file operation "event"(Is an
> open/close 1 entry or 2? What about "streaming" style grabs?), I think the
> complexities can be left for the debug logs. I just want a simple way to
> see that computer \\FOO has accessed my shared files, and I don't want to
> have to repeatedly check interactively.
My auditing patch can handle that, still in development though, but I have been using it in my production environment for the last 3 or 4 months with no problems.
http://www.reac.com/samba/samba-audit.html
http://www.reac.com/samba/samba-audit-2beta4.diff
Of course, there are still some issues to be worked out, like logoff events are not handled cleanly, and print operations are not handled at all. And it needs to use the detected syslog stuff from the configure script, etc, etc.
Andy.
More information about the samba-ntdom
mailing list