How come failed authentications aren't ....

Peter Polkinghorne Peter.Polkinghorne at brunel.ac.uk
Fri Feb 26 11:43:46 GMT 1999


OK - here is what I did for auditing of Samba usage - this applies to 
1.9.18p10 - firstly the design goal was to use syslog - we centrally save the 
authlog output as well as locally on the servers.  Secondly the samba logs 
were there but not much help.

I made a simple mod (submitted to samba-bugs as possible improvement) to log 
connections (open & close) (PR#7471) to LOG_AUTH facility.  This could 
obviously be extended to authentication failure - which we do not log.

The syslog files can then be post processed - I use Perl scripts for so doing 
- see: ftp://ftp.brunel.ac.uk/cc/peter/samba/

But overall I find syslog a big win over the current Samba log files.

-- 
-----------------------------------------------------------------------------
| Peter Polkinghorne, Computer Centre, Brunel University, Uxbridge, UB8 3PH,|
| Peter.Polkinghorne at brunel.ac.uk   +44 1895 274000 x2561       UK          |
-----------------------------------------------------------------------------




More information about the samba-technical mailing list