You patch the open() call in the kernel to log messages to syslog. I've got patches for the kernel to log exec() but not open(). It's fairly trivial once you see it in action.

--
Michael Conlen

On Oct 27, 2003, at 6:35 AM, Matthew Seaman wrote:

On Mon, Oct 27, 2003 at 11:57:31AM +0800, [EMAIL PROTECTED] wrote:

How do you create/add a system log to monitor every access to a specific file (say a database file accessed through samba)? A sample line for syslog.conf would be greatly appreciated ?? :-)

Syslog.conf doesn't work that way: application processes themselves decide what log messages to generate and pass them to syslogd(8). syslogd(8) then takes care of writing those log messages into the log files, together with timestamps and other administrivia as required. /etc/syslog.conf is all about directing that flow of messages into the appropriate files categorized by priority and by what application made them.

Samba has extensive logging capabilities itself -- which generally
bypass syslog entirely, although there are options available to use
syslog.  It will certainly log who is accessing the server and from
what machines.  I don't think it has the capability to monitor
accesses down to the level of a particular file though, but read the
manuals carefully to be sure.

If you really need to log all accesses to the file, then probably your
best bet is to only make the file available via a web interface, which
can be set to require passwords before it will allow access and will
supply the logs you require.  Alternatively, databases such as
postgres or mysql can keep detailed logs of all queries run against
them.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK


--
Michael Conlen
[EMAIL PROTECTED]

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
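
Added example, not part of the original thread or anyone's posted code: a user-space illustration of the point that the application itself generates the message and /etc/syslog.conf only routes it. The names logged_open(), WATCHED_PATH, the local0 facility and the log file name are assumptions, and only programs that call the wrapper are covered, which is the gap a kernel-level open() patch would close.

```c
/* Reports each open of one watched file to syslogd(8) via syslog(3).
 * Matching /etc/syslog.conf line (assumed facility and file name):
 *     local0.*        /var/log/fileaccess.log
 */
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

#define WATCHED_PATH "/tmp/watched-example.db"  /* constructed sample path */

/* Open path; if it is the watched file, log the caller and the outcome.
 * Returns the descriptor from open(2) and preserves its errno. */
int logged_open(const char *path, int flags, mode_t mode)
{
    int fd = open(path, flags, mode);
    int saved = errno;                  /* syslog(3) may change errno */

    if (strcmp(path, WATCHED_PATH) == 0) {
        openlog("fileaccess", LOG_PID, LOG_LOCAL0);
        if (fd >= 0)
            syslog(LOG_NOTICE, "open %s flags=0x%x uid=%ld ok",
                   path, (unsigned)flags, (long)getuid());
        else
            syslog(LOG_WARNING, "open %s flags=0x%x uid=%ld failed: %s",
                   path, (unsigned)flags, (long)getuid(), strerror(saved));
        closelog();
    }
    errno = saved;
    return fd;
}

int main(void)
{
    /* Logged whether or not the file exists; failures are recorded too. */
    int fd = logged_open(WATCHED_PATH, O_RDONLY, 0);
    if (fd >= 0)
        close(fd);
    return 0;
}
```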
