samba - Jan 2010 - Log File Format Changes

Hi all,

I'm considering writing a Python module for parsing file access entries 
from Samba logs. I plan on using regular expressions to do most of this, 
and I'm curious as to whether or not the log format is consistent across 
all versions of Samba. If it isn't, can you please direct me to the 
documentation on any older or alternative formats?

I'm currently using Samba 3.0.33 (RedHat), which outputs entries like this:

====================================================================[2010/01/05
17:38:52, 2] smbd/open.c:open_file(391)
   admin opened file welcome.txt read=Yes write=No (numopen=4)
[2010/01/05 17:38:52, 2] smbd/close.c:close_normal_file(406)
   admin closed file welcome.txt (numopen=3) NT_STATUS_OK
====================================================================
Regards,
Jimmy Theis

On Thu, Jan 07, 2010 at 12:57:02AM -0500, Jimmy Theis
wrote:
> I'm considering writing a Python module for parsing file access entries
> from Samba logs. I plan on using regular expressions to do most of this,  
> and I'm curious as to whether or not the log format is consistent
across
> all versions of Samba. If it isn't, can you please direct me to the  
> documentation on any older or alternative formats?
>
> I'm currently using Samba 3.0.33 (RedHat), which outputs entries like
this:
>
> ====================================================================>
[2010/01/05 17:38:52, 2] smbd/open.c:open_file(391)
>   admin opened file welcome.txt read=Yes write=No (numopen=4)
> [2010/01/05 17:38:52, 2] smbd/close.c:close_normal_file(406)
>   admin closed file welcome.txt (numopen=3) NT_STATUS_OK
> ====================================================================
You might want to look at the full_audit VFS module. The
format there can be defined by smb.conf settings. The debug
output is not standardized in any way.

Volker