Re: [Samba] Samba log analyzer

[Bart Hendrix]

Hi All,
We use LogWatch for our Samba server.
The reports looks like the following:
################### LogWatch 4.3.2 (02/18/03) ####################
      Processing Initiated: Thu Jan 13 04:02:13 2005
      Date Range Processed: yesterday
    Detail Level of Output: 0
         Logfiles for Host: samba3
################################################################
--------------------- Named Begin ------------------------ 

Zone update refused:
  172.17.6.3 (intra.nlcom.nl/IN): 43 Time(s)
---------------------- Named End ------------------------- 

--------------------- samba Begin ------------------------ 

**Unmatched Entries**
auth/auth.c:check_ntlm_password(219)  check_ntlm_password:  Checking 
password for unmapped user [COMMERS2]\[Commers [EMAIL PROTECTED] with the 
new password interface : 1 Time(s)
auth/auth.c:check_ntlm_password(219)  check_ntlm_password:  Checking 
password for unmapped user [EMAIL PROTECTED] with the new password interface 
: 6 Time(s)
auth/auth.c:check_ntlm_password(219)  check_ntlm_password:  Checking 
password for unmapped user [EMAIL PROTECTED] with the new password 
interface : 7 Time(s)
auth/auth.c:check_ntlm_password(219)  check_ntlm_password:  Checking 
password for unmapped user [EMAIL PROTECTED] with the new password interface 
: 1 Time(s)
auth/auth.c:check_ntlm_password(219)  check_ntlm_password:  Checking 
password for unmapped user [EMAIL PROTECTED] with the new password interface 
: 1 Time(s)
auth/auth.c:check_ntlm_password(222)  check_ntlm_password:  mapped user is: 
[NLCOM-NL]\[Commers [EMAIL PROTECTED] : 1 Time(s)
auth/auth.c:check_ntlm_password(222)  check_ntlm_password:  mapped user is: 
[EMAIL PROTECTED] : 6 Time(s)
auth/auth.c:check_ntlm_password(222)  check_ntlm_password:  mapped user is: 
[EMAIL PROTECTED] : 7 Time(s)
auth/auth.c:check_ntlm_password(222)  check_ntlm_password:  mapped user is: 
[EMAIL PROTECTED] : 1 Time(s)
auth/auth.c:check_ntlm_password(222)  check_ntlm_password:  mapped user is: 
[EMAIL PROTECTED] : 1 Time(s)
auth/auth.c:check_ntlm_password(268)  check_ntlm_password: guest 
authentication for user [] succeeded : 15 Time(s)
auth/auth.c:check_ntlm_password(312)  check_ntlm_password:  Authentication 
for user [Commers Health] -> [Commers Health] FAILED with error 
NT_STATUS_NO_SUCH_USER : 1 Time(s)
auth/auth_sam.c:check_sam_security(244)  check_sam_security: Couldn't find 
user 'Commers Health' in passdb file. : 1 Time(s)
auth/auth_winbind.c:check_winbind_security(80)  check_winbind_security: Not 
using winbind, requested domain [NLCOM-NL] was for this SAM. : 1 Time(s)
lib/interface.c:add_interface(79)  added interface ip=172.16.20.1 
bcast=172.16.20.255 nmask=255.255.255.0 : 2 Time(s)
lib/interface.c:add_interface(79)  added interface ip=172.17.6.3 
bcast=172.17.255.255 nmask=255.255.0.0 : 2 Time(s)
lib/interface.c:add_interface(79)  added interface ip=192.168.184.1 
bcast=192.168.184.255 nmask=255.255.255.0 : 2 Time(s)
lib/smbldap.c:smbldap_connect_system(804)  ldap_connect_system: succesful 
connection to the LDAP server : 125 Time(s)
lib/smbldap.c:smbldap_connect_system(804)  ldap_connect_system: succesful 
connection to the LDAP server  smbldap_open_connection: connection opened : 
1 Time(s)
lib/smbldap.c:smbldap_open_connection(638) : 1 Time(s)
lib/smbldap.c:smbldap_open_connection(638)  smbldap_open_connection: 
connection opened : 125 Time(s)
lib/smbldap.c:smbldap_search_domain_info(1319)  Searching 
for:[(&(objectClass=sambaDomain)(sambaDomainName=NLCOM-NL))] : 126 Time(s)
lib/sysquotas.c:sys_get_quota(413)  sys_get_vfs_quota() failed for 
mntpath[/work] bdev[/dev/sda1] qtype[2] id[1007]: Invalid argument : 1 
Time(s)
lib/sysquotas.c:sys_get_quota(413)  sys_get_vfs_quota() failed for 
mntpath[/work] bdev[/dev/sda1] qtype[4] id[513]: Invalid argument : 1 
Time(s)
lib/util_seaccess.c:se_access_check(251) : 38 Time(s)
lib/util_seaccess.c:se_access_check(252)  se_access_check: user sid is 
S-1-5-21-1415303871-1163983296-3890754924-3014  se_access_check: also 
S-1-5-21-1415303871-1163983296-3890754924-2027  se_access_check: also 
S-1-1-0  se_access_check: also S-1-5-2  se_access_check: also S-1-5-11 
se_access_check: also S-1-5-21-1415303871-1163983296-3890754924-512 
se_access_check: also S-1-5-21-1415303871-1163983296-3890754924-513 
se_access_check: also S-1-5-21-1415303871-1163983296-3890754924-2089 
se_access_check: also S-1-5-21-1415303871-1163983296-3890754924-3001 : 6 
Time(s)
lib/util_seaccess.c:se_access_check(252)  se_access_check: user sid is 
S-1-5-21-1415303871-1163983296-3890754924-501  se_access_check: also 
S-1-5-21-1415303871-1163983296-3890754924-514  se_access_check: also S-1-1-0 
se_access_check: also S-1-5-2  se_access_check: also S-1-5-32-546 
se_access_check: also S-1-5-21-1415303871-1163983296-3890754924-1199 : 32 
Time(s)
lib/util_sock.c:get_peer_addr(1000)  getpeername failed. Error was Transport 
endpoint is not connected : 23 Time(s)
lib/util_sock.c:send_smb(647) : 1 Time(s)
lib/util_sock.c:write_socket_data(430) : 1 Time(s)
libsmb/ntlmssp.c:debug_ntlmssp_flags(62)  Got NTLMSSP neg_flags=0x60088215 : 
15 Time(s)
libsmb/ntlmssp.c:debug_ntlmssp_flags(62)  Got NTLMSSP neg_flags=0xe2088297 : 
66 Time(s)
libsmb/ntlmssp.c:ntlmssp_server_auth(615)  Got user=[Commers Health] 
domain=[COMMERS2] workstation=[COMMERS2] len1=24 len2=24 : 1 Time(s)
libsmb/ntlmssp.c:ntlmssp_server_auth(615)  Got user=[] domain=[] 
workstation=[CGOES-PC] len1=1 len2=0 : 11 Time(s)
libsmb/ntlmssp.c:ntlmssp_server_auth(615)  Got user=[] domain=[] 
workstation=[CM182760-A] len1=1 len2=0 : 42 Time(s)
.
.
.
.
.
---------------------- samba End ------------------------- 

--------------------- SSHD Begin ------------------------ 

Users logging in through sshd:
  root logged in from host216.intra.nlcom.nl (172.17.6.216) using 
publickey: 1 Time(s)

---------------------- SSHD End ------------------------- 


------------------ Disk Space --------------------
Filesystem            Size  Used Avail Use% Mounted on
/dev/LVM1/Volume1      72G  9.0G   59G  14% /
/dev/hda1              99M   25M   69M  27% /boot
none                  756M     0  756M   0% /dev/shm
/dev/sda1              74G   56G   15G  80% /work
and so on
Maybe this can help you?
Greetz Bart
----- Original Message ----- 
From: "Robert Schetterer" <[EMAIL PROTECTED]>
To: "Rodrigo Noroaldo de Castro Fernandes" <[EMAIL PROTECTED]>
Cc: <samba@lists.samba.org>
Sent: Wednesday, January 12, 2005 11:04 PM
Subject: Re: [Samba] Samba log analyzer


Hi Rodrigo,
as far i know there is no special tool alive for this job.
Regards
Rodrigo Noroaldo de Castro Fernandes schrieb:
Dear all,
    I would like to know if there is/are any program to analyze the
SAMBA log, and if possible create some reports with statistics (logon,
files access, etc).
Best brazilian regards,
Rodrigo


--------------------------------------------------------------------------------

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba