[Samba] samba and fail2ban
Michael Wood
esiotrot at gmail.com
Tue Mar 29 06:58:34 MDT 2011
On 29 March 2011 12:13, Hajo Locke <hajo.locke at gmx.de> wrote:
> Hello,
>
>> Maybe have a script running in the background, parsing samba log file to
>> create
>> and alternative log file with all related info on the same line for
>> fail2ban...?
>
> but problem will still be the same. How to find lines which belonging
> together?
> may be in log we have connect from 3 IPs a, b, c and following 1 successful
> login and 2 false. which ip belongs to the false logins? Every other server
> i know sends this important messages in one line.
Maybe you can use the full_audit module.
e.g. here's an article about it:
http://a32.me/2009/10/samba-audit-trail/
--
Michael Wood <esiotrot at gmail.com>
More information about the samba
mailing list