Re: [Samba] VFS audit

Thu, 02 Mar 2006 20:47:34 -0800

Someone get a solution to this? Is unusable without it. You must be able to get the name of the user in the log, so i can use syslog-ng to store everything on a mysql database and be able to make querys. 

Ryan Taylor wrote:

That is great! And only leaves one problem:  The only way we know
easily who did what and where is by putting the logs in a log file
like "%U.%m.log" .  Is there yet another way to accomplish this
because syslog doesn't have those variables?  The ultimate goal is to
parse and put in a database for statistics and finding out who messed
up.

Biggest question yet: Is there somewhere I could have read to find the
solution you suggested above with the facilities/priority etc.. I hate
to ask questions like this if there is somewhere I can read and learn
from myself.  I have searched the Internet tirelessly and have not run
across the solution you suggested.  How can I find such solutions...?!

Thank you for your time and help!,

Ryan

On 2/7/06, Deryck Hodge <[EMAIL PROTECTED]> wrote:

On 2/2/06, Ryan Taylor <[EMAIL PROTECTED]> wrote:

Not only is it harder to parse but it doesn't show
open/close/edit/etc.. of files and seems completely different than
'audit'.

I am just wondering if there is a way to get 'audit' results into the
logfile other than syslog.


With any of the audit modules, you can direct the entries being sent
to syslog to an external file.

In smb.conf, something like the following

vfs objects = full_audit
full_audit:facility = LOCAL5
full_audit:priority = NOTICE

will allow you to do this in /etc/syslog.conf:

local5.notice        /path/to/another/log

Restart or reload syslogd and away you go.

Cheers,
deryck

--
Deryck Hodge
http://www.devurandom.org/
http://www.samba.org/

"Aimless days, uncool ways of decathecting" --Mike Doughty (2005)





--
Ryan Taylor
Micro Consultants
770-789-2072
[EMAIL PROTECTED]
"If I had to live my life again, I'd make the same mistakes, only
sooner."  Tallulah Bankhead


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to