[Samba] VFS audit
guido at lorenzutti.com.ar
Fri Mar 3 04:43:14 GMT 2006
Someone get a solution to this? Is unusable without it. You must be able
to get the name of the user in the log, so i can use syslog-ng to store
everything on a mysql database and be able to make querys.
Ryan Taylor wrote:
> That is great! And only leaves one problem: The only way we know
> easily who did what and where is by putting the logs in a log file
> like "%U.%m.log" . Is there yet another way to accomplish this
> because syslog doesn't have those variables? The ultimate goal is to
> parse and put in a database for statistics and finding out who messed
> Biggest question yet: Is there somewhere I could have read to find the
> solution you suggested above with the facilities/priority etc.. I hate
> to ask questions like this if there is somewhere I can read and learn
> from myself. I have searched the Internet tirelessly and have not run
> across the solution you suggested. How can I find such solutions...?!
> Thank you for your time and help!,
> On 2/7/06, Deryck Hodge <deryck at samba.org> wrote:
>> On 2/2/06, Ryan Taylor <rtaylor82 at gmail.com> wrote:
>>> Not only is it harder to parse but it doesn't show
>>> open/close/edit/etc.. of files and seems completely different than
>>> I am just wondering if there is a way to get 'audit' results into the
>>> logfile other than syslog.
>> With any of the audit modules, you can direct the entries being sent
>> to syslog to an external file.
>> In smb.conf, something like the following
>> vfs objects = full_audit
>> full_audit:facility = LOCAL5
>> full_audit:priority = NOTICE
>> will allow you to do this in /etc/syslog.conf:
>> local5.notice /path/to/another/log
>> Restart or reload syslogd and away you go.
>> Deryck Hodge
>> "Aimless days, uncool ways of decathecting" --Mike Doughty (2005)
> Ryan Taylor
> Micro Consultants
> rtaylor82 at gmail.com
> "If I had to live my life again, I'd make the same mistakes, only
> sooner." Tallulah Bankhead
More information about the samba