Connection logging via preexec and postexec

Jim Delahanty jimd at
Tue Feb 24 15:23:51 GMT 1998

Rather than wade through the smb.log file, we use preexec and postexec
to write smaller, individual logs based on the %u or returned username
of the service.

Example (similar to the man page for smb.conf):
preexec=/bin/csh -c 'echo -n C: %u as %S on %m \(%I\):: >> /usr/samba/
conf/homelogs/%u ; date >> /usr/samba/conf/homelogs/%u' &
postexec=/bin/csh -c 'echo -n X: %u as %S on %m \(%I\):: >> /usr/samba/
conf/homelogs/%u ; date >> /usr/samba/conf/homelogs/%u' &

We get a simple breakdown of connection status by user (C or X, in this
example) like so:

C: jimd as jimd from elvis ( Feb 24 07:57:06 CST 1998
C: jimd as xshare from elvis ( Feb 24 07:57:09 CST 1998
X: jimd as jimd from elvis ( Feb 24 08:13:03 CST 1998

tail the username, or grep the directory if you need machine names, or
other info - easy peasy.  Our MIS department has aliases that do a grep
of the directory to find who's on what machine, etc. Simple.

You can log by username, or machine, or share, or just IP(!), or
whatever, just change the redirection and write wherever you desire.

If you need to process the date information by machine (we don't), it's
generally easier to use date +%y%m%d%H%M%S to get date flavors like
980224081303, and slice and dice the way you want it.  We've even set up
a process that pokes this data into a mysql database on a nightly basis,
and then zaps the files - though, truthfully, we don't use the
information that way - It would be trivial to generate HTML for each
user from the database.

We don't use the smblog for anything other than a diagnostic tool - we
enable debugging on a machine-by-machine basis when (rarely) a problem
occurs by including a "include = /usr/samba/conf/client-conf/%m"
expansion in our smb.conf file and bumping that machine's debug level
through the roof, otherwise we set debug to 0.  We _really like_ macro
expansion :)

Jim Delahanty
jimd at

On Fri, 13 Feb 1998 08:25:21 -0600, "Gerald W. Carter"
<cartegw at Eng.Auburn.EDU> wrote:
>> - Has anyone made, or does exist a samba log analyser tool.
>> I want to be able to generate (for example) web pages time when user
>> logged (when he accessed netlogon share) and time when he logged out
>> (how can i know that?) from samba logs
>One of the things I have on my todo list is some accounting scripts (
>most likely will be written them in perl ) for the smbd and nmbd logs.
>I could pass them along once they are completed ( haven't started on
>them yet though so.... ).
>Maybe I should ask if someone already has these?  Didn't see anything
>included in the docs/* directory...

More information about the samba mailing list