[Samba] tracking user activity - Active Directory
Bob Miller
bob at computerisms.ca
Thu Mar 7 13:17:40 MST 2013
Hello,
Some mischief happened and I have been asked if I can find out who was
logged into their computers within a specific off-hours time frame. My
logs for that time frame happened to be running at debug level 3, so I
have been looking through them and trying to figure out how to recognize
a workstation login. I find lines beginning with
auth_check_password_send that seem like reasonably good candidates, but
I have a number of other services such as email authenticating against
the AD, and it seems that is just as likely to describe a mail log in as
it is a workstation login. Is there a way, or some documentation that
will explain how, to parse the log files and determine which
workstations were actively in use and by which account? Or are there
any tools that will parse the log files and provide me such information?
--
Computerisms
Bob Miller
867-334-7117 / 867-633-3760
http://computerisms.ca
More information about the samba
mailing list