tools for user logon tracking?

Jim Jarvie ntl-linux at
Wed Mar 28 10:57:25 GMT 2001


I use the "root preexec" & "root postexec" options to run a small script 
which copies the information I am interested in to a log file.  The %M 
etc macros are expanded to form the command parameters and the scripts 
just use these to fill the log files.  If you wanted to be really fancy, 
you could make a small program which places the information into a 
database (say PostgreSQL or MySQL to name but two).

These options can even be used on a per share basis;  I use the profiles 
share as my "logon" & "logoff" detection, but you can log each share this 
way, so if you have a sensitive share, you could log access to record 
when it is used [you would protect it with user, group or machine (or a 
combination of them all) permissions, of course !].  I do this to prove 
to my paranoid users their share is actually protected !



Anyone know of a simple tool to take the smbd/nmbd logs and create some 
sort of connection/usage chart/info? I want to be able to see when my 
users are logging on and logging out... I know the info of course is in 
logs, and could be gotten with grep/sed, but was wondering if someone has 
already done something like this.


More information about the samba-ntdom mailing list