Timeline Was: Re: Admin logging SoC project requirements
Michael Krax
mk-samba at krax.net
Thu Jun 1 11:31:41 GMT 2006
On Wed, May 31, 2006 at 03:32:09PM +0200, Michael Krax wrote:
> As for the milestones, is the rather general timeline I provided for the
> application okay for this week
> (http://userpage.fu-berlin.de/~krax/soc/samba.html)? I would rather
> write some code (prototypes, sample header files) and specify milestones
> based upon that, but I am not sure that I will achieve it till Friday.
Okay, I "upgraded" my last posting with some dates and made it a little
bit more structured. Feel free to add some more requirements.
Administrative logging support
* Provide an admin log function call which writes information
to a configurable target (till June 26).
    void admin_log(uint32 eventTypeId, uint16 priority,
                   const char *user, const char *machine,
                   const char *format_str, ...);
    /* eventTypeId is a combination of (eventType << 16 | eventId)
       priority refers to syslog-priority (uint16 is an arbitrary choice)
       there should be some wrapper functions providing easy access
       to the different parameters: */
    void admin_log_connstruct(uint16 eventType, uint16 priority,
                              struct conn_struct *cs,
                              const char *format_str, ...);
    /* on the assumption that conn_struct provides user and machine */
* Parse configuration options and adjust logging to config (till
  June 26).
* Provide a list of ADMIN_LOG_EVENT_TYPEs (till June 26).
* Implement some calls to admin_log (till June 26).
  - User add
  - Configuration changes
  - Wrong password to DC
  - Some printer changes (adding a printer etc.)
* After midterm evaluation (June 26):
  - Implement format string support
  - Provide some more calls to admin_log (selection
    depending on developer feedback)
  - Documentation
  - Automated testing (does this make any sense?)
  - Auditing (if there is time)
  - Support for external database with advanced help (?)
  - ...

Minor steps till June 26:
* First working code samples till June 8
* First complete implementation of the features mentioned above
  till June 15 (not necessarily working ...)
An admin log entry should provide the following information:
- User
  Should be the local user name, if not available the remote user.
  It should be visible if the user was authenticated.
- Machine
  The idea is to log the remote machine name
- Log Level (Information, Warning, Error) = syslog priority; and
  Audit Success, Audit Failure (see EventLog)
- Event Type (i.e. Source as in Subsystem, Service etc.) and
  Event ID
  both are 16 bit values passed as uint32. There could be some generic
  event ids (out of memory for example) so that the system could provide
  some generic help in case that type<<16|id is not found.
- Description
(the following two are set by admin_log/syslog:)
- Timestamp
- OS and version (bitmasked)?
and additionally, perhaps:
- Category (could help to filter entries, but I cannot see a useful
  category)
- NTSTATUS code returned (could be included in description)

Output format:
  [date-localhost-prefix] 0x03340003 \\MACHINE USER (Event-type-as-text) Description
with 0x03340003 being the event type<<16|id; \\MACHINE could be omitted.
In that way, the string is (with some effort) machine parseable.

Configuration options:
* admin log = on / off (or destination: syslog)
* admin log event types = all -or- auth printing passdb etc.
* admin log level = info warn error (+ audit_failure audit_success)
  The last two values correspond to the EventLog documentation.
* admin log format = some printf formatted format string
  (after midterm evaluation)
--
Michael Krax
Phone +49(0)30.76765923 Mobile +49(0)163.7325923
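
The output format and the type<<16|id packing described in the message, as an added C example (not code from the post or from Samba). The function names, buffer sizes, the event type text "auth" and the rule of replacing control characters and spaces in the remote-supplied user and machine fields are assumptions made here so that an entry stays on one line and remains parseable.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Pack as the post describes: eventType << 16 | eventId. */
uint32_t admin_event_pack(uint16_t type, uint16_t id)
{
    return ((uint32_t)type << 16) | id;
}
/* Replace control chars (and spaces unless keep_space) with '_'; n > 0. Assumed policy. */
void admin_field_clean(char *dst, size_t n, const char *src, int keep_space)
{
    size_t i;
    for (i = 0; src[i] != '\0' && i + 1 < n; i++) {
        unsigned char c = (unsigned char)src[i];
        dst[i] = (iscntrl(c) || (c == ' ' && !keep_space)) ? '_' : (char)c;
    }
    dst[i] = '\0';
}
/* Entry text after the syslog prefix; machine may be NULL. type_text is a trusted constant. */
int admin_entry_format(char *out, size_t n, uint32_t event, const char *machine,
                       const char *user, const char *type_text, const char *desc)
{
    char m[64], u[64], d[256];
    admin_field_clean(u, sizeof(u), user, 0);
    admin_field_clean(d, sizeof(d), desc, 1);
    if (machine == NULL)
        return snprintf(out, n, "0x%08X %s (%s) %s", (unsigned)event, u, type_text, d);
    admin_field_clean(m, sizeof(m), machine, 0);
    return snprintf(out, n, "0x%08X \\\\%s %s (%s) %s", (unsigned)event, m, u, type_text, d);
}
/* Recover type and id from a formatted entry; returns 0 on success. */
int admin_entry_event(const char *entry, uint16_t *type, uint16_t *id)
{
    unsigned v;
    if (sscanf(entry, "0x%8x", &v) != 1)
        return -1;
    *type = (uint16_t)(v >> 16);
    *id = (uint16_t)(v & 0xFFFFu);
    return 0;
}
int main(void)
{
    char line[512];
    /* Constructed sample: the user name carries an embedded newline. */
    admin_entry_format(line, sizeof(line), admin_event_pack(0x0334, 0x0003),
                       "WS01", "bob\n0x00000000", "auth", "Wrong password to DC");
    return puts(line) == EOF;
}
```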