[Samba] Tracking of SAMBA users activity
chriscox at endlessnow.com
Tue Nov 12 18:09:17 UTC 2019
What you probably want is the vfs_full_audit module
comment = Test Dir
browseable = Yes
read only = No
inherit acls = Yes
path = /samba/test
vfs objects = full_audit
full_audit:prefix = %u|%I
full_audit:success = connect disconnect
Now, I didn't direct the syslog above, so likely all those messages
would go to your default log file (e.g. /var/log/messages on many Linux
Nov 12 12:03:30 samba-test smbd_audit:
Nov 12 12:04:21 samba-test smbd_audit:
Obviously, you can do more than just "connect" and "disconnect", see the
man page referenced at the top.
On 11/12/19 11:38 AM, Jean-Louis Renaud via samba wrote:
> I would like to know if there is a SAMBA feature () that tracks users'
> login/logout (by name and not by IP address) accessing the shares.
> Maybe by using Unix command lines, do you know into which log files these
> information are stored in ?
> "Share ID" Date Time "Username" logged in
> "Share ID" Date Time "Username" logged off
> I tried to grep "username" in log files stored in /var/log without results.
> I also tried to use the "log level = 1 auth_audit: 3" option in the smb.conf
> file, reloaded the configuration file in samba "smbcontrol all
> reload-config", restarted the samba server "systemctl restart smbd .service
> " but all log files generated in /var/log/samba are completely empty.
More information about the samba