[Samba] User audit logging

Günter Kukkukk linux at kukkukk.com
Wed Mar 7 18:33:35 MST 2012


On Thursday 08 March 2012 00:56:12 Gregory Machin wrote:
> Hi
> I have set up user auditing with extd_audit and it's working fine, I
> have it logging to log file = /var/log/samba/%U.%m.log and that is
> great for identifying the users and machines... But the syslog entries
> don't have a username or host information and I want to use syslog to
> ship the logs to a central logging server.  Can I configure it to log
> username and hostname (or IP) to syslog with each log line?
> 
> 
> Thanks
> 
> G

afaik - you can't specify that for syslog.

There is another vfs called vfs_full_audit:
   http://www.samba.org/samba/docs/man/manpages-3/vfs_full_audit.8.html
see also:
   http://moiristo.wordpress.com/2009/08/10/samba-logging-user-activity/

That one does _only_ log to syslog, but is very flexible and powerful.
For debugging purposes I used in the past:
   full_audit:prefix = %u|%I|%m|%S

Cheers, Günter
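
Added example, not part of the original post or of Samba: a parser a central log server could use to split full_audit syslog lines written with the prefix `%u|%I|%m|%S` back into user, client IP, machine and share, and to count failed operations per client. The sample lines are constructed, and the `smbd_audit` syslog tag and the `prefix|operation|result|arguments` layout are assumptions to check against your own server's output.

```python
import re
from collections import Counter

# Field order follows the prefix from the post: %u|%I|%m|%S
PREFIX_FIELDS = ("user", "client_ip", "machine", "share")

# Constructed sample lines (not real logs). Assumed layout after the syslog
# header: <prefix>|<operation>|<ok or "fail (reason)">|<arguments>
SAMPLE = """\
Mar  8 09:14:02 fs01 smbd_audit: alice|192.0.2.10|ws-alice|projects|open|ok|r|plan.odt
Mar  8 09:14:05 fs01 smbd_audit: bob|192.0.2.22|ws-bob|projects|unlink|fail (Permission denied)|plan.odt
Mar  8 09:14:09 fs01 smbd_audit: bob|192.0.2.22|ws-bob|projects|rename|ok|draft.txt|final.txt
Mar  8 09:14:11 fs01 smbd[2211]: unrelated daemon message
"""

# Assumed syslog tag "smbd_audit", optionally followed by a PID
HEADER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) smbd_audit(?:\[\d+\])?: (?P<msg>.*)$")
RESULT = re.compile(r"^(ok|fail)(?: \((.*)\))?$")

def parse_line(line):
    """Return a dict for a full_audit record, or None for anything else."""
    m = HEADER.match(line)
    if not m:
        return None
    n = len(PREFIX_FIELDS)
    # maxsplit keeps any '|' inside the argument part intact
    parts = m.group("msg").split("|", n + 2)
    if len(parts) < n + 2:
        return None
    res = RESULT.match(parts[n + 1])
    if not res:
        return None
    rec = dict(zip(PREFIX_FIELDS, parts[:n]))
    rec.update(ts=m.group("ts"), server=m.group("host"), op=parts[n],
               ok=res.group(1) == "ok", reason=res.group(2),
               args=parts[n + 2] if len(parts) > n + 2 else "")
    return rec

def failures_by_client(text):
    """Count failed operations per (user, client_ip) pair."""
    recs = filter(None, map(parse_line, text.splitlines()))
    return Counter((r["user"], r["client_ip"]) for r in recs if not r["ok"])

if __name__ == "__main__":
    for rec in filter(None, map(parse_line, SAMPLE.splitlines())):
        print(rec)
    print(failures_by_client(SAMPLE))
```

If the prefix is changed, `PREFIX_FIELDS` must list the same variables in the same order, otherwise the operation and result columns shift.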

