[Samba] VFS audit

Guido Lorenzutti guido at lorenzutti.com.ar
Fri Mar 3 04:43:14 GMT 2006


Did someone get a solution to this? It is unusable without it. You must be able 
to get the name of the user in the log, so I can use syslog-ng to store 
everything in a MySQL database and be able to make queries.

Ryan Taylor wrote:
> That is great! And only leaves one problem:  The only way we know
> easily who did what and where is by putting the logs in a log file
> like "%U.%m.log" .  Is there yet another way to accomplish this
> because syslog doesn't have those variables?  The ultimate goal is to
> parse and put in a database for statistics and finding out who messed
> up.
>
> Biggest question yet: Is there somewhere I could have read to find the
> solution you suggested above with the facilities/priority etc.. I hate
> to ask questions like this if there is somewhere I can read and learn
> from myself.  I have searched the Internet tirelessly and have not run
> across the solution you suggested.  How can I find such solutions...?!
>
> Thank you for your time and help!
>
> Ryan
>
> On 2/7/06, Deryck Hodge <deryck at samba.org> wrote:
>   
>> On 2/2/06, Ryan Taylor <rtaylor82 at gmail.com> wrote:
>>     
>>> Not only is it harder to parse but it doesn't show
>>> open/close/edit/etc.. of files and seems completely different than
>>> 'audit'.
>>>
>>> I am just wondering if there is a way to get 'audit' results into the
>>> logfile other than syslog.
>>>
>>>       
>> With any of the audit modules, you can direct the entries being sent
>> to syslog to an external file.
>>
>> In smb.conf, something like the following
>>
>> vfs objects = full_audit
>> full_audit:facility = LOCAL5
>> full_audit:priority = NOTICE
>>
>> will allow you to do this in /etc/syslog.conf:
>>
>> local5.notice        /path/to/another/log
>>
>> Restart or reload syslogd and away you go.
>>
>> Cheers,
>> deryck
>>
>> --
>> Deryck Hodge
>> http://www.devurandom.org/
>> http://www.samba.org/
>>
>> "Aimless days, uncool ways of decathecting" --Mike Doughty (2005)
>>
>>     
>
>
>
> --
> Ryan Taylor
> Micro Consultants
> 770-789-2072
> rtaylor82 at gmail.com
> "If I had to live my life again, I'd make the same mistakes, only
> sooner."  Tallulah Bankhead
>   
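
Added example (not part of the original messages and not Samba project code): a parser for full_audit entries as syslogd would write them to the local5.notice file configured above, loaded into a database so they can be queried by user. It assumes smb.conf also sets full_audit:prefix = %u|%I (user and client IP); sqlite3 stands in for MySQL, and the log lines, host name and file names are constructed samples.

```python
import re
import sqlite3

# Constructed sample of the local5.notice log file. Assumes smb.conf sets
#   full_audit:prefix = %u|%I
# so each entry reads user|client-ip|operation|result|arguments.
SAMPLE_LOG = """\
Mar  3 04:40:01 fs1 smbd_audit: rtaylor|192.168.1.20|open|ok|r|reports/q1.xls
Mar  3 04:41:12 fs1 smbd_audit: guido|192.168.1.31|unlink|ok|reports/q1.xls
Mar  3 04:41:30 fs1 smbd_audit[2211]: guido|192.168.1.31|rename|fail (Permission denied)|a.txt|b.txt
Mar  3 04:42:00 fs1 kernel: unrelated line that must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"smbd_audit(?:\[\d+\])?:\s(?P<msg>.*)$"
)

def parse_line(line):
    """Return (ts, host, user, client, op, ok, args) or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Split only the four leading fields; arguments may contain '|' themselves.
    parts = m.group("msg").split("|", 4)
    if len(parts) < 4:
        return None
    user, client, op, result = parts[:4]
    args = parts[4] if len(parts) == 5 else ""
    return (m.group("ts"), m.group("host"), user, client, op,
            1 if result == "ok" else 0, args)

def load(lines, db):
    """Insert parsed entries; user and file names are client-controlled,
    so they are only ever passed as bound parameters."""
    db.execute("CREATE TABLE IF NOT EXISTS audit (ts TEXT, host TEXT, "
               "user TEXT, client TEXT, op TEXT, ok INTEGER, args TEXT)")
    rows = [r for r in map(parse_line, lines) if r]
    db.executemany("INSERT INTO audit VALUES (?,?,?,?,?,?,?)", rows)
    return len(rows)

def who_did(db, op, path):
    """Who successfully performed `op` on `path`?"""
    return db.execute("SELECT user, client, ts FROM audit "
                      "WHERE op = ? AND ok = 1 AND args = ?", (op, path)).fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load(SAMPLE_LOG.splitlines(), db), "entries loaded")
    print(who_did(db, "unlink", "reports/q1.xls"))
```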


