On Wed, May 25, 2011 at 04:29:51PM +0200, Andreas Heinlein wrote: > Am 25.05.2011 15:45, schrieb ion coting: > > Anyone... help!? > > > > On Thu, May 19, 2011 at 4:19 PM, ion coting <[email protected]> wrote: > > > >> Hi, > >> I would like to look at a logfile containing simple summary lines like > >> this: > >> > >> timestamp - client ip - user - action (eg. login, connect to a share) - > >> result (ok, password wrong, permission denied, io error, etc) > >> > >> I find log.smb and log.nmb very complicated and smbaudit too; also i would > >> like to have all this information in a single log gile. > >> > >> How can I achieve this? Is there any native samba combination of options in > >> smb.conf that can result in achieving this type of log? Can (and how?) I > >> configure samba in such a way that some external tools can parse and > >> extract > >> this information from logfiles? > >> > >> thank you > >> > >> > > I'd like to see this too, but I don't think it's possible. I have wasted > several hours when debugging samba problems and dealing with > hard-to-read logfiles. But there is no way to configure logging except > for the amount (log level) and destination. > > It may help a bit to use substitutions in the log file destinations, so > e.g.using "log file = /var/log/samba/log.%I.%U" in your smb.conf will > create one log file per client and user on the server, like > /var/log/samba/log.10.0.0.24.bob for user bob on client 10.0.0.24. > Still, it's sometimes difficult to get actions and results sorted out.
What would really help is if someone went through the "things" that Samba does, and comes out with a list of "user loggable" events, such as "user logged on", "connection dropped", "connected to share" etc. If the list were small enough (i.e. so it didn't turn into a parallel debug system) we could then instrument the code at these points, then emit event-log records that were readable by the Windows event log viewer (or a UNIX equivalent) - or even to a separate "user events" log file (or syslog). It would have to be a limited list, and not include IO events (opening file, read file etc.) as these are better handled by the audit modules, or when we add the audit ACLs, the audit ACL logging. Someone from HP (not mentioning any names here but he might remember who he is :-) did promise a couple of years ago at SambaXP to do this, but I'm guessing he didn't have time. If someone came up with this I'd certainly help push it into the code. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
