[Samba] VFS audit
Ryan Taylor
rtaylor82 at gmail.com
Tue Feb 7 18:44:02 GMT 2006
That is great! And only leaves one problem: The only way we know
easily who did what and where is by putting the logs in a log file
like "%U.%m.log" . Is there yet another way to accomplish this
because syslog doesn't have those variables? The ultimate goal is to
parse and put in a database for statistics and finding out who messed
up.
Biggest question yet: Is there somewhere I could have read to find the
solution you suggested above with the facilities/priority etc.. I hate
to ask questions like this if there is somewhere I can read and learn
from myself. I have searched the Internet tirelessly and have not run
across the solution you suggested. How can I find such solutions...?!
Thank you for your time and help!,
Ryan
On 2/7/06, Deryck Hodge <deryck at samba.org> wrote:
> On 2/2/06, Ryan Taylor <rtaylor82 at gmail.com> wrote:
> > Not only is it harder to parse but it doesn't show
> > open/close/edit/etc.. of files and seems completely different than
> > 'audit'.
> >
> > I am just wondering if there is a way to get 'audit' results into the
> > logfile other than syslog.
> >
>
> With any of the audit modules, you can direct the entries being sent
> to syslog to an external file.
>
> In smb.conf, something like the following
>
> vfs objects = full_audit
> full_audit:facility = LOCAL5
> full_audit:priority = NOTICE
>
> will allow you to do this in /etc/syslog.conf:
>
> local5.notice /path/to/another/log
>
> Restart or reload syslogd and away you go.
>
> Cheers,
> deryck
>
> --
> Deryck Hodge
> http://www.devurandom.org/
> http://www.samba.org/
>
> "Aimless days, uncool ways of decathecting" --Mike Doughty (2005)
>
--
Ryan Taylor
Micro Consultants
770-789-2072
rtaylor82 at gmail.com
"If I had to live my life again, I'd make the same mistakes, only
sooner." Tallulah Bankhead
More information about the samba
mailing list