Timeline Was: Re: Admin logging SoC project requirements

Michael Krax mk-samba at krax.net
Thu Jun 1 11:31:41 GMT 2006

On Wed, May 31, 2006 at 03:32:09PM +0200, Michael Krax wrote:

> As for the milestones, is the rather general timeline I provided for the
> application okay for this week
> (http://userpage.fu-berlin.de/~krax/soc/samba.html)?  I would rather
> write some code (prototypes, sample header files) and specify milestones
> based upon that, but I am not sure that I will achieve it till Friday.

Okay, I "upgraded" my last posting with some dates and made it a little
bit more structured.  Feel free to add some more requirements.

Administrative logging support

* Provide an admin log function call which writes information 
  to a configurable target (till June 26).

  void admin_log(uint32 eventTypeId, uint16 priority,
                 const char *user, const char *machine,
                 const char *format_str, ...);
  /* eventTypeId is a combination of (eventType << 16 | eventId)
     priority refers to syslog-priority (uint16 is an arbitrary choice)
     there should be some wrapper functions providing easy access
     to the different parameters: */
  void admin_log_connstruct(uint16 eventType, uint16 priority,
                            struct conn_struct *cs,
                            const char *format_str, ...);
  /* on the assumption that conn_struct provides user and machine */

* Parse configuration options and adjust logging to config (till 
  June 26). 

* Provide a list of ADMIN_LOG_EVENT_TYPEs (till June 26).

* Implement some calls to admin_log (till June 26).
  - User add
  - Configuration changes
  - Wrong password to DC
  - Some printer changes (adding a printer etc.)

* After midterm evaluation (June 26):
  - Implement format string support
  - Provide some more calls to admin_log (selection 
    depending on developer feedback)
  - Documentation
  - Automated testing (does this make any sense?)
  - Auditing (if there is time)
  - Support for external database with advanced help (?)
  - ...

Minor steps till June 26:

* First working code samples till June 8

* First complete implementation of the features mentioned above
  till June 15 (not necessarily working ...)

An admin log entry should provide the following information:

- User
  Should be the local user name, if not available the remote user.
  It should be visible if the user was authenticated.

- Machine
  The idea is to log the remote machine name

- Log Level (Information, Warning, Error) = syslog priority; and
  Audit Success, Audit Failure (see EventLog)

- Event Type (i.e. Source as in Subsystem, Service etc.) and
  Event ID
  both are 16 bit values passed as uint32.  There could be some generic
  event ids (out of memory for example) so that the system could provide
  some generic help in case that type<<16|id is not found.

- Description

(the following two are set by admin_log/syslog:)
- Timestamp
- OS and version (bitmasked)?

and additionally, perhaps:
- Category (could help to filter entries, but I cannot see a useful
- NTSTATUS code returned (could be included in description)

Output format:

[date-localhost-prefix] 0x03340003 \\MACHINE USER (Event-type-as-text) Description
with 0x03340003 being the event type<<16|id; \\MACHINE could be omitted.

In that way, the string is (with some effort) machine parseable.

Configuration options:

* admin log = on / off (or destination: syslog)

* admin log event types = all -or- auth printing passdb etc.

* admin log level = info warn error (+ audit_failure audit_success)
  The last two values correspond to the EventLog documentation.

* admin log format = some printf formatted format string
  (after midterm evaluation)

Michael Krax
Phone +49(0)30.76765923  Mobile +49(0)163.7325923
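
The output format proposed in the message above, as an added C example (not part of the original post and not Samba code). The names sanitize, format_entry and parse_entry, the buffer sizes and the '_' replacement are assumptions of this sketch; it handles only the message part that follows the syslog prefix, and it filters the user, machine and description fields because they can carry remote-supplied text that would otherwise break the "machine parseable" property.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Copy src to dst, replacing control characters and any byte listed in
   `extra`, so a remote-supplied value cannot add a field or a new line. */
static void sanitize(char *dst, size_t n, const char *src, const char *extra)
{
    size_t i = 0;
    for (; src[i] != '\0' && i + 1 < n; i++) {
        unsigned char c = (unsigned char)src[i];
        dst[i] = (iscntrl(c) || strchr(extra, c)) ? '_' : (char)c;
    }
    dst[i] = '\0';
}

/* Build "0xTTTTIIII \\MACHINE USER (type) description"; machine may be NULL.
   type_text is assumed to come from a fixed table, so it is not filtered. */
int format_entry(char *out, size_t n, uint32_t ev, const char *machine,
                 const char *user, const char *type_text, const char *desc)
{
    char m[64], u[64], d[256];
    sanitize(m, sizeof m, machine ? machine : "", " \\");
    sanitize(u, sizeof u, user, " \\");
    sanitize(d, sizeof d, desc, "");
    return snprintf(out, n, "0x%08x %s%s%s%s (%s) %s", (unsigned)ev,
                    m[0] ? "\\\\" : "", m, m[0] ? " " : "", u, type_text, d);
}

/* Recover the packed event value and the user field; -1 on malformed input. */
int64_t parse_entry(const char *msg, char *user, size_t n)
{
    unsigned ev;
    int used = 0;
    char tok[64];
    if (sscanf(msg, "0x%8x %63s%n", &ev, tok, &used) != 2)
        return -1;
    if (strncmp(tok, "\\\\", 2) == 0 && sscanf(msg + used, " %63s", tok) != 1)
        return -1;              /* \\MACHINE present but no user after it */
    snprintf(user, n, "%s", tok);
    return (int64_t)ev;
}

int main(void)
{
    char line[512];             /* constructed sample values below */
    format_entry(line, sizeof line, 0x03340003u, "WKS1", "alice", "auth", "Wrong password");
    return puts(line) < 0;
}
```

Replacing backslashes in the user field also turns a DOMAIN\user name into DOMAIN_user; that keeps the optional \\MACHINE field unambiguous for the parser.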
