Jean-Louis Renaud
2019-Nov-14 09:13 UTC
[Samba] Tracking of SAMBA users activity & log files
Unfortunately logs files are generated in /var/log/samba but they are all empty, do you know the reason ? My smb.conf : [global] log level = 1 auth_audit:3 vfs:2 log file = /var/log/samba/log.%U.%m max log size = 1000 logging = syslog [Share] vfs objects = full_audit full_audit:prefix = %u|%I|%m|%P|%S full_audit:success = connect disconnect full_audit:success = mkdir rename unlink rmdir pwrite full_audit:failure none full_audit:facility = local7 full_audit:priority = NOTICE My log level is : PID 24555: all:1 tdb:1 printdrivers:1 lanman:1 smb:1 rpc_parse:1 rpc_srv:1 rpc_cli:1 passdb:1 sam:1 auth:1 winbind:1 vfs:2 idmap:1 quota:1 acls:1 locking:1 msdfs:1 dmapi:1 registry:1 scavenger:1 dns:1 ldb:1 tevent:1 auth_audit:3 -----Message d'origine----- De?: Jean-Louis Renaud <jean_louis.renaud at yahoo.fr> Envoy??: mardi 12 novembre 2019 21:02 ??: 'Christopher Cox' <chriscox at endlessnow.com> Objet?: RE: [Samba] Tracking of SAMBA users activity WHAOU! that's exactly what I was looking for and even more. thank you very much -----Message d'origine----- De?: samba <samba-bounces at lists.samba.org> De la part de Christopher Cox via samba Envoy??: mardi 12 novembre 2019 19:09 ??: samba at lists.samba.org Objet?: Re: [Samba] Tracking of SAMBA users activity What you probably want is the vfs_full_audit module https://www.samba.org/samba/docs/current/man-html/vfs_full_audit.8.html Consider: [test] comment = Test Dir browseable = Yes read only = No inherit acls = Yes path = /samba/test vfs objects = full_audit full_audit:prefix = %u|%I full_audit:success = connect disconnect Now, I didn't direct the syslog above, so likely all those messages would go to your default log file (e.g. /var/log/messages on many Linux hosts). Nov 12 12:03:30 samba-test smbd_audit: MYDOMAIN\ccox|192.168.1.1|connect|ok|test Nov 12 12:04:21 samba-test smbd_audit: MYDOMAIN\ccox|192.168.1.1|disconnect|ok|test Obviously, you can do more than just "connect" and "disconnect", see the man page referenced at the top. On 11/12/19 11:38 AM, Jean-Louis Renaud via samba wrote:> Hello, > > > > I would like to know if there is a SAMBA feature () that tracks users' > login/logout (by name and not by IP address) accessing the shares. > Maybe by using Unix command lines, do you know into which log files > these information are stored in ? > > ie > > "Share ID" Date Time "Username" logged in "Share ID" Date Time > "Username" logged off > > > > ? > I tried to grep "username" in log files stored in /var/log withoutresults.> > I also tried to use the "log level = 1 auth_audit: 3" option in the > smb.conf file, reloaded the configuration file in samba "smbcontrol > all reload-config", restarted the samba server "systemctl restart smbd > .service " but all log files generated in /var/log/samba are completelyempty.> > > > Thanks >-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba