[Samba] Samba log analyzer
Bart Hendrix
hendrix at worldpilot.nl
Thu Jan 13 06:13:07 GMT 2005
Hi All,
We use LogWatch for our Samba server.
The reports look like the following:
################### LogWatch 4.3.2 (02/18/03) ####################
Processing Initiated: Thu Jan 13 04:02:13 2005
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles for Host: samba3
################################################################
--------------------- Named Begin ------------------------
Zone update refused:
172.17.6.3 (intra.nlcom.nl/IN): 43 Time(s)
---------------------- Named End -------------------------
--------------------- samba Begin ------------------------
**Unmatched Entries**
auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking
password for unmapped user [COMMERS2]\[Commers Health]@[COMMERS2] with the
new password interface : 1 Time(s)
auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking
password for unmapped user []\[]@[CGOES-PC] with the new password interface
: 6 Time(s)
auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking
password for unmapped user []\[]@[CM182760-A] with the new password
interface : 7 Time(s)
auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking
password for unmapped user []\[]@[COMMERS2] with the new password interface
: 1 Time(s)
auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking
password for unmapped user []\[]@[SCHAAFPC] with the new password interface
: 1 Time(s)
auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is:
[NLCOM-NL]\[Commers Health]@[COMMERS2] : 1 Time(s)
auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is:
[NLCOM-NL]\[]@[CGOES-PC] : 6 Time(s)
auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is:
[NLCOM-NL]\[]@[CM182760-A] : 7 Time(s)
auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is:
[NLCOM-NL]\[]@[COMMERS2] : 1 Time(s)
auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is:
[NLCOM-NL]\[]@[SCHAAFPC] : 1 Time(s)
auth/auth.c:check_ntlm_password(268) check_ntlm_password: guest
authentication for user [] succeeded : 15 Time(s)
auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication
for user [Commers Health] -> [Commers Health] FAILED with error
NT_STATUS_NO_SUCH_USER : 1 Time(s)
auth/auth_sam.c:check_sam_security(244) check_sam_security: Couldn't find
user 'Commers Health' in passdb file. : 1 Time(s)
auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not
using winbind, requested domain [NLCOM-NL] was for this SAM. : 1 Time(s)
lib/interface.c:add_interface(79) added interface ip=172.16.20.1
bcast=172.16.20.255 nmask=255.255.255.0 : 2 Time(s)
lib/interface.c:add_interface(79) added interface ip=172.17.6.3
bcast=172.17.255.255 nmask=255.255.0.0 : 2 Time(s)
lib/interface.c:add_interface(79) added interface ip=192.168.184.1
bcast=192.168.184.255 nmask=255.255.255.0 : 2 Time(s)
lib/smbldap.c:smbldap_connect_system(804) ldap_connect_system: succesful
connection to the LDAP server : 125 Time(s)
lib/smbldap.c:smbldap_connect_system(804) ldap_connect_system: succesful
connection to the LDAP server smbldap_open_connection: connection opened :
1 Time(s)
lib/smbldap.c:smbldap_open_connection(638) : 1 Time(s)
lib/smbldap.c:smbldap_open_connection(638) smbldap_open_connection:
connection opened : 125 Time(s)
lib/smbldap.c:smbldap_search_domain_info(1319) Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=NLCOM-NL))] : 126 Time(s)
lib/sysquotas.c:sys_get_quota(413) sys_get_vfs_quota() failed for
mntpath[/work] bdev[/dev/sda1] qtype[2] id[1007]: Invalid argument : 1
Time(s)
lib/sysquotas.c:sys_get_quota(413) sys_get_vfs_quota() failed for
mntpath[/work] bdev[/dev/sda1] qtype[4] id[513]: Invalid argument : 1
Time(s)
lib/util_seaccess.c:se_access_check(251) : 38 Time(s)
lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is
S-1-5-21-1415303871-1163983296-3890754924-3014 se_access_check: also
S-1-5-21-1415303871-1163983296-3890754924-2027 se_access_check: also
S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-1415303871-1163983296-3890754924-512
se_access_check: also S-1-5-21-1415303871-1163983296-3890754924-513
se_access_check: also S-1-5-21-1415303871-1163983296-3890754924-2089
se_access_check: also S-1-5-21-1415303871-1163983296-3890754924-3001 : 6
Time(s)
lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is
S-1-5-21-1415303871-1163983296-3890754924-501 se_access_check: also
S-1-5-21-1415303871-1163983296-3890754924-514 se_access_check: also S-1-1-0
se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546
se_access_check: also S-1-5-21-1415303871-1163983296-3890754924-1199 : 32
Time(s)
lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport
endpoint is not connected : 23 Time(s)
lib/util_sock.c:send_smb(647) : 1 Time(s)
lib/util_sock.c:write_socket_data(430) : 1 Time(s)
libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 :
15 Time(s)
libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe2088297 :
66 Time(s)
libsmb/ntlmssp.c:ntlmssp_server_auth(615) Got user=[Commers Health]
domain=[COMMERS2] workstation=[COMMERS2] len1=24 len2=24 : 1 Time(s)
libsmb/ntlmssp.c:ntlmssp_server_auth(615) Got user=[] domain=[]
workstation=[CGOES-PC] len1=1 len2=0 : 11 Time(s)
libsmb/ntlmssp.c:ntlmssp_server_auth(615) Got user=[] domain=[]
workstation=[CM182760-A] len1=1 len2=0 : 42 Time(s)
.
.
.
.
.
---------------------- samba End -------------------------
--------------------- SSHD Begin ------------------------
Users logging in through sshd:
root logged in from host216.intra.nlcom.nl (172.17.6.216) using
publickey: 1 Time(s)
---------------------- SSHD End -------------------------
------------------ Disk Space --------------------
Filesystem Size Used Avail Use% Mounted on
/dev/LVM1/Volume1 72G 9.0G 59G 14% /
/dev/hda1 99M 25M 69M 27% /boot
none 756M 0 756M 0% /dev/shm
/dev/sda1 74G 56G 15G 80% /work
and so on
Maybe this can help you?
Greetz Bart
----- Original Message -----
From: "Robert Schetterer" <robert at schetterer.org>
To: "Rodrigo Noroaldo de Castro Fernandes" <r.fernandes at darumaorga.com.br>
Cc: <samba at lists.samba.org>
Sent: Wednesday, January 12, 2005 11:04 PM
Subject: Re: [Samba] Samba log analyzer
> Hi Rodrigo,
> As far as I know, there is no special tool alive for this job.
> Regards
>
> Rodrigo Noroaldo de Castro Fernandes schrieb:
>
>> Dear all,
>>
>> I would like to know if there are any programs to analyze the
>> SAMBA log and, if possible, create some reports with statistics (logon,
>> file access, etc).
>>
>> Best Brazilian regards,
>>
>> Rodrigo
>
>
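Added example, not part of the original thread and not LogWatch or Samba code: a small parser that turns the authentication messages LogWatch lists under "Unmatched Entries" into logon statistics (failed logons with NT status, guest sessions, attempts per workstation). It assumes the raw smbd log layout of a `[date time, level] file:function(line)` header followed by the message; the sample lines are constructed from the message texts in the report above, with invented timestamps and debug levels.

```python
import re
from collections import Counter

# Raw smbd entry header (assumed layout): "[date time, level] file:func(line)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *\d+\]")
# Message texts taken from the LogWatch report in the post.
FAILED = re.compile(r"Authentication for user \[(.*?)\] -> \[.*?\] FAILED with error (\S+)")
GUEST = re.compile(r"guest authentication for user \[.*?\] succeeded")
NTLMSSP = re.compile(r"Got user=\[(.*?)\] domain=\[.*?\] workstation=\[(.*?)\]")

# Constructed sample input; timestamps and debug levels are invented.
SAMPLE_LOG = """\
[2005/01/12 09:14:02, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
  Got user=[Commers Health] domain=[COMMERS2] workstation=[COMMERS2] len1=24 len2=24
[2005/01/12 09:14:02, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [Commers Health] -> [Commers Health] FAILED with error NT_STATUS_NO_SUCH_USER
[2005/01/12 09:20:41, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
  Got user=[] domain=[] workstation=[CGOES-PC] len1=1 len2=0
[2005/01/12 09:20:41, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: guest authentication for user [] succeeded
[2005/01/12 09:25:10, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
  Got user=[] domain=[] workstation=[CGOES-PC] len1=1 len2=0
""".splitlines()

def summarize(lines):
    """Tally logon events: failures, guest sessions, attempts per workstation."""
    failed, attempts, first_failure = Counter(), Counter(), {}
    guest_ok, stamp = 0, None
    for line in lines:
        header = HEADER.match(line)
        if header:
            stamp = header.group(1)  # remember the time for the message that follows
        m = FAILED.search(line)
        if m:
            failed[m.groups()] += 1  # key: (user, NT status)
            first_failure.setdefault(m.group(1), stamp)
        elif GUEST.search(line):
            guest_ok += 1
        else:
            m = NTLMSSP.search(line)
            if m:
                user, host = m.groups()
                attempts[(host, user or "<anonymous>")] += 1
    return {"failed": failed, "guest_ok": guest_ok,
            "attempts": attempts, "first_failure": first_failure}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

The patterns search anywhere in a line, so they also match LogWatch-style lines where the header and message are joined; in that case no timestamp is available and `first_failure` records `None`.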