Re: User audit logging

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Thursday 08 March 2012 00:56:12 Gregory Machin wrote:
> Hi
> I have setup user auditing with extd_audit and its working fine , i
> have it logging to log file = /var/log/samba/%U.%m.log and that is
> great for identifying the users and machines ...But the syslog entries
> don't have a username or host information and I want to use syslog to
> ship the logs to a central logging server.  Can I configure it to log
> username and hostname (or ip) to syslog with each log line ?
> 
> 
> Thanks
> 
> G

afaik - you can't specify that for syslog.

There is another vfs called vfs_full_audit:
   http://www.samba.org/samba/docs/man/manpages-3/vfs_full_audit.8.html
see also:
   http://moiristo.wordpress.com/2009/08/10/samba-logging-user-activity/

That one does _only_ log to syslog, but is very flexible and powerful.
For debugging purpose i used in the past:
   full_audit:prefix = %u|%I|%m|%S

Cheers, Günter
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba



[Linux]     [Info Cyrus]     [LARTC]     [Bugtraq]     [Netfilter]     [Internet Dating Forums]     [RAID]     [Yosemite News]     [Photography]

Add to Google Powered by Linux