Hello, Some mischief happened and I have been asked if I can find out who was logged into their computers within a specific off-hours time frame. My logs for that time frame happened to be running at debug level 3, so I have been looking through them and trying to figure out how to recognize a workstation login. I find lines beginning with auth_check_password_send that seem like reasonably good candidates, but I have a number of other services such as email authenticating against the AD, and it seems that is just as likely to describe a mail log in as it is a workstation login. Is there a way, or some documentation that will explain how, to parse the log files and determine which workstations were actively in use and by which account? Or are there any tools that will parse the log files and provide me such information?
-- Computerisms Bob Miller 867-334-7117 / 867-633-3760 http://computerisms.ca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
