[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba-technical
Subject:    Re: How come failed authentications aren't ....
From:       Peter Polkinghorne <Peter.Polkinghorne () brunel ! ac ! uk>
Date:       1999-02-26 12:47:40
[Download RAW message or body]


OK - here is what I did for auditing of Samba usage - this applies to 
1.9.18p10 - firstly the design goal was to use syslog - we centrally save the 
authlog output as well as locally on the servers.  Secondly the samba logs 
were there but not much help.

I made a simple mod (submitted to samba-bugs as possible improvement) to log 
connections (open & close) (PR#7471) to LOG_AUTH facility.  This could 
obviously be extended to authentication failure - which we do not log.

The syslog files can then be post processed - I use Perl scripts for so doing 
- see: ftp://ftp.brunel.ac.uk/cc/peter/samba/

But overall I find syslog a big win over the current Samba log files.

-- 
-----------------------------------------------------------------------------
| Peter Polkinghorne, Computer Centre, Brunel University, Uxbridge, UB8 3PH,|
| Peter.Polkinghorne@brunel.ac.uk   +44 1895 274000 x2561       UK          |
-----------------------------------------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]