Logging failed, and we were mystified

Dan "Effugas" Kaminsky effugas at best.com
Wed Dec 23 11:39:01 GMT 1998

Logging is by no means critical.  The primary function of Samba is to share
files, not to log the fact that they were successfully shared.  Failure of a
secondary feature should not, in general, cause failure of the primary
system.  Imagine if the drive hosting the logs ran out of room--there's no
reason to shut down the entire server because of this.

That being said, it may be good practice to have an option for a script to
be executed should there be an error writing logs.  Some installations,
especially military/high-security sites, log *everything* knowing that logs
are key to hunting down intruders, and therefore also know that filling the
log drive with garbage is a great way to hide one's tracks.

Actually, probably the best general design is for smb.conf to include a line

error handler smbpass.c:105 = /bin/sh errorhandler.sh smbpass.c 105 %E

This translates to "On an error from smbpass.c, code 105, run the generic
error handler script "errorhandler.sh" with the parameters "smbpass.c",
"105", and any supplemental information from the normal error logs."

But that's just an idea.  There would probably be significant issues
implementing this.  It may be that we'd need a line more like

error handler trigger= smbpass.c:*
error handler = /bin/sh errorhandler.sh %c %e %E

Meaning(and no, I didn't check whether any of those %'s were already taken
in the namespace), "Trigger usage of the error handler on any error from
smbpass.c, then execute /bin/sh errorhandler.sh [Error Source File] [Error
Code] [Supplemental Error Information]"

But honestly, this isn't really that HUGE of a priority.

More necessary, IMHO, is a way for SAMBA to log file operations.  No, not
like the debug logs, I mean like web logs.  Win95/NT finally has this
ability with NetWatcher Pro; I think Samba should too.  While there are
issues with what exactly constitutes a file operation "event"(Is an
open/close 1 entry or 2?  What about "streaming" style grabs?), I think the
complexities can be left for the debug logs.  I just want a simple way to
see that computer \\FOO has accessed my shared files, and I don't want to
have to repeatedly check interactively.

-----Original Message-----
From: Richard Sharpe <sharpe at ns.aus.com>
To: Multiple recipients of list <samba-technical at samba.org>
Date: Tuesday, December 22, 1998 11:28 PM
Subject: Logging failed, and we were mystified

>in trying to track down the problems I mentioned yesterday between samba
>1.9.16p11 and 1.9.18p10, we tried to set up Samba on a separate machine.
>Because the directories where we wanted the logs to go were NFS mounted,
>Samba did not write a log file.
>However, it went happily on working!
>Perhaps it should have aborted if the log file could not be written.
>Richard Sharpe, sharpe at ns.aus.com, NIC-Handle:RJS96
>NS Computer Software and Services P/L,
>Ph: +61-8-8281-0063, FAX: +61-8-8250-2080,
>Samba, Linux, Apache, Digital UNIX, AIX, Netscape, Stronghold, C, ...

More information about the samba-technical mailing list