On Thu, Jan 07, 2010 at 12:57:02AM -0500, Jimmy Theis wrote: > I'm considering writing a Python module for parsing file access entries > from Samba logs. I plan on using regular expressions to do most of this, > and I'm curious as to whether or not the log format is consistent across > all versions of Samba. If it isn't, can you please direct me to the > documentation on any older or alternative formats? > > I'm currently using Samba 3.0.33 (RedHat), which outputs entries like this: > > ===================================================================== > [2010/01/05 17:38:52, 2] smbd/open.c:open_file(391) > admin opened file welcome.txt read=Yes write=No (numopen=4) > [2010/01/05 17:38:52, 2] smbd/close.c:close_normal_file(406) > admin closed file welcome.txt (numopen=3) NT_STATUS_OK > =====================================================================
You might want to look at the full_audit VFS module. The format there can be defined by smb.conf settings. The debug output is not standardized in any way. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
