Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: swifferina on August 19, 2010, 08:48:18 AM
-
Hi!
I need to know if it's possible on Sme Server 7 to have a Log File with all the Users access to the Server's shared folders (date/time and Mac Address of the computer that has been connected to the server).
Thanks
Valentina
-
Hi Valentina
actually such a feature is not present..
you could take a look at smbaudit (http://smbdaudit.sourceforge.net/)
HTH
-
sorry, my bad.. I should answer only after the second cup of cofee :-)
read this (http://forums.contribs.org/index.php?topic=39255.0) topic..
I think you need a custom template to enable auditing
-
hi, it's me again
after playing a bit, I've found a solution.. I'm actually testing on my production server
1) create the dir tree under templates-custom and enter the new dir
mkdir -p /etc/e-smith/templates-custom/etc/smb.conf/ibays/
cd /etc/e-smith/templates-custom/etc/smb.conf/ibays/
2) create a new fragment
pico 10smbaudit
3) fill it with this code
{
$OUT = "";
return unless (($ibay->prop('Audit') || 'disabled') eq 'enabled');
$ibay_vfs->{full_audit}->{prefix} = "%u|%I|%S";
$ibay_vfs->{full_audit}->{failure} = "connect";
$ibay_vfs->{full_audit}->{success} = "opendir mkdir rmdir open write rename unlink";
$ibay_vfs->{full_audit}->{facility} = "local5";
$ibay_vfs->{full_audit}->{priority} = "notice";
}
4) save it with Ctrl-X, y
5) now enable auditing..
db accounts setprop ibayname Audit enabled
Note: it's a capital a, it's case sensitive
6) expand template and restart smb service with
signal-event ibay-modify ibayname
in /var/log/messages you'll find something like
Aug 19 23:54:41 srvsrv smbd_audit: stefano|10.0.0.13|storage|unlink|ok|Options/pippo
Aug 19 23:54:43 srvsrv smbd_audit: stefano|10.0.0.13|storage|opendir|ok|Options
Aug 19 23:54:43 srvsrv smbd_audit: stefano|10.0.0.13|storage|opendir|ok|Options
Aug 19 23:54:43 srvsrv smbd_audit: stefano|10.0.0.13|storage|mkdir|ok|Options/pippo
Aug 19 23:54:50 srvsrv smbd_audit: stefano|10.0.0.13|storage|opendir|ok|Options
Aug 19 23:54:50 srvsrv smbd_audit: stefano|10.0.0.13|storage|opendir|ok|Options
Aug 19 23:54:50 srvsrv smbd_audit: stefano|10.0.0.13|storage|rename|ok|Options/pippo|Options/topolino
Aug 19 23:54:55 srvsrv smbd_audit: stefano|10.0.0.13|storage|opendir|ok|Options
Aug 19 23:54:55 srvsrv smbd_audit: stefano|10.0.0.13|storage|opendir|ok|Options/topolino
Aug 19 23:54:55 srvsrv smbd_audit: stefano|10.0.0.13|storage|rmdir|ok|Options/topolino
if you want to have a separate log file for it, you have to create custom templates form /etc/syslog.conf and /etc/logrotate.d
I will raise a NFR for this fragment
-
I will raise a NFR for this fragment
After doing so please post a reference, saves me and future readers some searching. :-)
-
Here is some information (not sure if it is still valid) to fine tune your solution, for instance logging to a separate file in the samba log folder: http://a32.me/2009/10/samba-audit-trail/
I think such a solution is preferred to logging in /var/log/messages in regards to your NFR.
-
After doing so please post a reference, saves me and future readers some searching. :-)
will do..
cactus, could you please contact me off-line? thank you
-
Here is some information (not sure if it is still valid) to fine tune your solution, for instance logging to a separate file in the samba log folder: http://a32.me/2009/10/samba-audit-trail/
I think such a solution is preferred to logging in /var/log/messages in regards to your NFR.
I'm already testing it.. I made templates for syslog.conf and for logrotate.d
installed and testing on 5 servers, waiting to some feedback
I would like to write/find a log parser to populate mysql db and use smbdaudit web interface..
-
NFR (http://bugs.contribs.org/show_bug.cgi?id=6176) 6176 in bugzilla