Samba: audit files activity + log in separate file
Posted by valqk on
in /etc/rsyslog.d/50-smbd_audit.conf tell rsyslogd to direct audit logs to a separate file:
in /etc/samba/smb.conf tell samba to audit file operations:
and finally tell logrotate to archive the files daily – /etc/logrotate.d/smbd_audit
then just restart both samba and rsyslog and enjoy the logs:
if $programname == 'smbd_audit' then /var/log/samba/audit.log
if $programname == 'smbd_audit' then ~
in /etc/samba/smb.conf tell samba to audit file operations:
vfs object = full_audit
full_audit:prefix = %S|%u|%I|%m
full_audit:success = chdir mkdir open opendir read rename rmdir write link unlink
full_audit:failure = none
full_audit:facility = local7
full_audit:priority = notice
and finally tell logrotate to archive the files daily – /etc/logrotate.d/smbd_audit
/var/log/samba/audit.log
{
rotate 7
daily
missingok
notifempty
delaycompress
compress
postrotate
invoke-rc.d rsyslog rotate > /dev/null
endscript
}
then just restart both samba and rsyslog and enjoy the logs:
#> service smbd restart
#> service rsyslogd restart
#> tail -f /var/log/samba/audit.log
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments