How come failed authentications aren't ....
Peter Polkinghorne
Peter.Polkinghorne at brunel.ac.uk
Fri Feb 26 11:43:46 GMT 1999
OK - here is what I did for auditing of Samba usage - this applies to
1.9.18p10 - firstly the design goal was to use syslog - we centrally save the
authlog output as well as locally on the servers. Secondly the samba logs
were there but not much help.
I made a simple mod (submitted to samba-bugs as possible improvement) to log
connections (open & close) (PR#7471) to LOG_AUTH facility. This could
obviously be extended to authentication failure - which we do not log.
The syslog files can then be post processed - I use Perl scripts for so doing
- see: ftp://ftp.brunel.ac.uk/cc/peter/samba/
But overall I find syslog a big win over the current Samba log files.
--
-----------------------------------------------------------------------------
| Peter Polkinghorne, Computer Centre, Brunel University, Uxbridge, UB8 3PH,|
| Peter.Polkinghorne at brunel.ac.uk +44 1895 274000 x2561 UK |
-----------------------------------------------------------------------------
More information about the samba-technical
mailing list