Does anyone have any log analysis tools? I'm currently configured with "log file = /usr/local/samba/var/log.%m", which makes identifying issues with any one client easy, but doesn't provide me with an overall picture of what has been happening. What I'd like to be able to produce is a report showing, for a given unit time, the total number of clients that have connected, perhaps the peak concurrent connections, the total number of users that have connected, and so on.

It would be nice if the results of this analysis were made available via the web interface - although manually adding a link to the base SWAT page would be sufficient, I really wouldn't need to add a toolbar icon, though that would be nice.

Anyone else doing this already?

--
David L. Kindred                        d.kindred@telesciences.com
Telesciences, Inc
2000 Midlantic Drive, Suite 410         Phone: +1 856 642 4184
Mount Laurel, NJ 08054                  Fax: +1 856 866 0185
On Tue, 25 Jul 2000 09:30:52 -0400 (EDT) David L Kindred (Dave) wrote:

> Does anyone have any log analysis tools? I'm currently configured with
> "log file = /usr/local/samba/var/log.%m", which makes identifying issues
> with any one client easy, but doesn't provide me with an overall picture
> of what has been happening. What I'd like to be able to produce is a
> report showing, for a given unit time, the total number of clients that
> have connected, perhaps the peak concurrent connections, the total
> number of users that have connected, and so on.
>
> It would be nice if the results of this analysis were made available via
> the web interface - although manually adding a link to the base SWAT
> page would be sufficient, I really wouldn't need to add a toolbar
> icon, though that would be nice.
>
> Anyone else doing this already?
>
> --
> David L. Kindred d.kindred@telesciences.com
> Telesciences, Inc
> 2000 Midlantic Drive, Suite 410 Phone: +1 856 642 4184
> Mount Laurel, NJ 08054 Fax: +1 856 866 0185

If anyone is doing this, I'd be happy to help. If not, I'd consider starting an effort, though I'm not sure I'd have time to do it all the Right Way.

--
Omer Shenker
oshenker@iname.com
Yes - I have a simple perl script that uses smbstatus - works with 2.0.6. We have a cron script on each server that runs samba-snap.pl every 10 minutes which gives useful trend info.

Here are some small Samba utilities that I have written and hope you will find useful. Currently work with Samba 1.9.18p10 under Solaris 2.5.1

The utilities are all written in fairly vanilla Perl5 - we use 5.004_01. Any customisation is clearly labelled - just modify the source. Feedback welcome.

The programs are all GPLed and versioned.

File                    Version Description
+-----------------------+-------+---------------------------------------------
samba-snap.pl           1.1     - produces 1 line summaries based on smbstatus
samba-snap-sum.pl       1.1     - summarises samba-snap.pl output
samba-syslog.pl         1.1     - summarises connects & closes from syslog

Source location: ftp://ftp.brunel.ac.uk/cc/peter/samba/

Fri 28 July 2000

-----------------------------------------------------------------------------
| Peter Polkinghorne, Computer Centre, Brunel University, Uxbridge, UB8 3PH,|
| Peter.Polkinghorne@brunel.ac.uk                                        UK |
-----------------------------------------------------------------------------
Dave Olker's CIFSTAT script can be found at
http://samba.org/cgi-bin/samba-patches/incoming?expression=cifsstat;user=guest

--dave
Keith G. Murphy said:

> That looks quite slick.
>

Thanks!

> Two questions:
>
> (1) Have you looked at SyslogScan::SyslogEntry.pm? Does some of the
> work for you. Most useful if you scan different kinds of logs and
> would like to use the same interface.
>

No - I have not - but would be a good idea it seems. I find it hard at times to keep up with the number of Perl modules that exist!

> (2) How do you get the connections logged by syslog? I've tried
> various combinations of 'syslog level' and 'syslog only' and can't
> seem to pull it off.

Well I do have a slight mod to use AUTH facility for logging connections. But that is purely for local convention. But I have (for Solaris):

# get syslog to see right stuff
syslog = 2

(syslog only is left at default of no).

Note the new utmp stuff offers another route for aggregating usage statistics.

--
-----------------------------------------------------------------------------
| Peter Polkinghorne, Computer Centre, Brunel University, Uxbridge, UB8 3PH,|
| Peter.Polkinghorne@brunel.ac.uk +44 1895 274000 x2561                  UK |
-----------------------------------------------------------------------------
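
An added example, not part of the thread and not any poster's script: a Python version of the per-hour report asked for in the first message (distinct clients, distinct users, connects, peak concurrent connections), fed by connect/close lines sent to syslog as in the last message. The sample lines are constructed; their wording and the `summarise` name are assumptions, so adjust the regular expressions to what your smbd actually logs.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines. The message wording is an assumption
# modelled on smbd's connect/close messages; adapt the patterns to your logs.
SAMPLE = """\
Jul 28 09:01:12 fs1 smbd[311]: pc01 (10.0.0.11) connect to service home as user alice uid=501 gid=100 (pid 311)
Jul 28 09:05:40 fs1 smbd[322]: pc02 (10.0.0.12) connect to service public as user bob uid=502 gid=100 (pid 322)
Jul 28 09:20:03 fs1 smbd[311]: pc01 (10.0.0.11) closed connection to service home
Jul 28 09:48:19 fs1 smbd[340]: pc03 (10.0.0.13) connect to service public as user alice uid=501 gid=100 (pid 340)
Jul 28 10:02:55 fs1 smbd[322]: pc02 (10.0.0.12) closed connection to service public
Jul 28 10:15:07 fs1 smbd[351]: pc01 (10.0.0.11) connect to service home as user carol uid=503 gid=100 (pid 351)
"""

# Group 1 is the hour bucket ("Jul 28 09"), group 2 the client machine name.
HEAD = r"^(\w{3} +\d+ \d\d):\d\d:\d\d \S+ smbd\[\d+\]: (\S+) \(\S+\) "
CONNECT = re.compile(HEAD + r"connect to service (\S+) as user (\S+)")
CLOSE = re.compile(HEAD + r"closed connection to service (\S+)")

def summarise(lines):
    """Per-hour counts: distinct clients, distinct users, connects, peak open."""
    report = defaultdict(lambda: {"clients": set(), "users": set(),
                                  "connects": 0, "peak": 0})
    # Assumption: one open connection per (client, service) pair.
    open_conns = set()
    for line in lines:
        conn, close = CONNECT.match(line), CLOSE.match(line)
        m = conn or close
        if not m:
            continue  # unrelated syslog line
        hour, client, service = m.group(1), m.group(2), m.group(3)
        row, before = report[hour], len(open_conns)
        if conn:
            open_conns.add((client, service))
            row["clients"].add(client)
            row["users"].add(conn.group(4))
            row["connects"] += 1
        else:
            # A close with no matching connect in the log is ignored.
            open_conns.discard((client, service))
        # Count both sides of the event so connections carried over from
        # the previous hour are included in this hour's peak.
        row["peak"] = max(row["peak"], before, len(open_conns))
    return {h: {"clients": len(r["clients"]), "users": len(r["users"]),
                "connects": r["connects"], "peak": r["peak"]}
            for h, r in report.items()}

if __name__ == "__main__":
    for hour, row in summarise(SAMPLE.splitlines()).items():
        print(hour, row)
```

Hours with no connect or close events do not appear in the report, and connections opened before the start of the log are not counted.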