[prev in list] [next in list] [prev in thread] [next in thread]
List: samba-technical
Subject: Re: How come failed authentications aren't ....
From: Peter Polkinghorne <Peter.Polkinghorne () brunel ! ac ! uk>
Date: 1999-02-26 12:47:40
[Download RAW message or body]
OK - here is what I did for auditing of Samba usage - this applies to
1.9.18p10 - firstly the design goal was to use syslog - we centrally save the
authlog output as well as locally on the servers. Secondly the samba logs
were there but not much help.
I made a simple mod (submitted to samba-bugs as possible improvement) to log
connections (open & close) (PR#7471) to LOG_AUTH facility. This could
obviously be extended to authentication failure - which we do not log.
The syslog files can then be post processed - I use Perl scripts for so doing
- see: ftp://ftp.brunel.ac.uk/cc/peter/samba/
But overall I find syslog a big win over the current Samba log files.
--
-----------------------------------------------------------------------------
| Peter Polkinghorne, Computer Centre, Brunel University, Uxbridge, UB8 3PH,|
| Peter.Polkinghorne@brunel.ac.uk +44 1895 274000 x2561 UK |
-----------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic