Quote:
Originally Posted by centos123
Actually I need something like monitoring all latest access of samba shares by user listed by IP address like smbstatus -s command show, and user name on the screen. Second one is that whenever other user access other shared file a mail is to sent to notifying of accessing... Is this possible? I know that for sending mail I need to configure mailserver also in file server... without configuring is it possible?
Ok, there are many ways of doing what you need.
With a fairly default samba configuration, you probably already have the latest access log per share/user in /var/log/samba/*. For example I have just accessed the \\zulu\public share from a client PC named whiskey, and on /var/log/samba/ I have:
Code:
zulu:/var/log/samba# tail -2 /var/log/samba/whiskey.log
[2012/04/30 09:37:59.531540, 1] smbd/service.c:1070(make_connection_snum)
whiskey (192.168.168.150) connect to service public initially as user jsveiga (uid=1000, gid=100) (pid 25912)
(check man smb.conf for "log file"; you can use a single logfile, or per user or per machine)
A script (or simply grep) can filter out the lines with extra information you do not need.
This however will not give you detailed information on what has been done nor which files in the share have been accessed. It is only at share level.
For more detailed logging, you can use and tweak kyrunner's solution (see man smb.conf for the %x variables you can use). His example will log this information via syslog (so it will go to your /var/log/syslog and/or /var/log/messages, depending on your syslog.conf):
Code:
Apr 30 09:35:38 zulu smbd[25877]: jsveiga|192.168.168.150|open|ok|r|.
Apr 30 09:35:45 zulu smbd[25877]: jsveiga|192.168.168.150|open|ok|r|.
Apr 30 09:35:45 zulu smbd[25877]: jsveiga|192.168.168.150|mkdir|ok|New folder
Apr 30 09:35:45 zulu smbd[25877]: jsveiga|192.168.168.150|open|ok|r|.
Apr 30 09:35:47 zulu last message repeated 2 times
Apr 30 09:35:47 zulu smbd[25877]: jsveiga|192.168.168.150|rename|ok|./New folder|./Test
Apr 30 09:35:47 zulu smbd[25877]: jsveiga|192.168.168.150|open|ok|r|.
Apr 30 09:35:47 zulu last message repeated 2 times
Apr 30 09:35:48 zulu smbd[25877]: jsveiga|192.168.168.150|open|ok|r|Test
Apr 30 09:35:52 zulu smbd[25877]: jsveiga|192.168.168.150|open|ok|r|.
Apr 30 09:35:52 zulu smbd[25877]: jsveiga|192.168.168.150|open|ok|w|Test/New Text Document.txt
Apr 30 09:35:52 zulu smbd[25877]: jsveiga|192.168.168.150|open|ok|r|Test
Apr 30 09:35:52 zulu smbd[25877]: jsveiga|192.168.168.150|open|ok|r|Test
Apr 30 09:35:54 zulu smbd[25877]: jsveiga|192.168.168.150|open|ok|r|.
Apr 30 09:35:54 zulu smbd[25877]: jsveiga|192.168.168.150|rename|ok|Test/New Text Document.txt|Test/sss.txt
Apr 30 09:35:54 zulu smbd[25877]: jsveiga|192.168.168.150|open|ok|r|Test
Apr 30 09:35:54 zulu last message repeated 2 times
Apr 30 09:35:57 zulu smbd[25877]: jsveiga|192.168.168.150|open|ok|r|.
Apr 30 09:35:57 zulu smbd[25877]: jsveiga|192.168.168.150|open|ok|r|Test
Apr 30 09:35:58 zulu smbd[25877]: jsveiga|192.168.168.150|open|ok|r|.
Apr 30 09:35:58 zulu smbd[25877]: jsveiga|192.168.168.150|unlink|ok|Test/sss.txt
You can do some tweaking to send it to a specific log (using syslog.conf and the full_audit:facility/priority options added to his example). Check this for tweaking details:
http://moiristo.wordpress.com/2009/0...user-activity/
To generate emails when files are opened, you could create a script to run as a daemon, monitoring the log. The script could even organize the information in a database so you could later query to generate your reports.
This script is an example of how to do it (you can use kyrunner's configuration only with the "open" audit option, if all you need is access notifications. If you need more, the script below can be tweaked accordingly):
Code:
#!/usr/bin/perl
use warnings;
use strict;

my $bigbrother = "user\@domain";
my $logfile    = "/var/log/messages";
my $sharepath  = "/shared/public";

# if you find this ugly, there's a File::Tail module in cpan
# list-form open: tail is run directly, without a shell
open(my $log, '-|', '/usr/bin/tail', '-f', $logfile)
    or die "cannot run tail on $logfile: $!";

while (<$log>)
{
    chomp;
    # yep, there's an empty space at the end of the log line
    next unless (m/^(.+) zulu smbd\[[0-9]+\]: (.+)\|(.+)\|open\|ok\|r\|(.+) $/);
    my $timestamp = $1;
    my $user      = $2;
    my $ip        = $3;
    my $file      = $4;
    next unless (-f "$sharepath/$file");

    # there's also an Email::Simple::Creator perl module for this
    # $user and $file are chosen by the client, so mail is run without a shell
    # and the message is written to its stdin instead of a shell here-document
    open(my $mail, '|-', 'mail', '-s', 'File accessed', $bigbrother)
        or next;
    print $mail "$timestamp $user \@ $ip\n$sharepath/$file\n";
    close($mail);
}
Do not forget to replace the "zulu" in the regexp with your samba server name (how it shows in the log).
This script can be called from init, but don't forget to restart it from logrotate if you rotate the destination log, or it will probably stop working after the log is rotated.
To send the email you don't necessarily need a full internet-enabled mail server configured and running in your samba server. If you configure "$bigbrother" to a local linux account, it'll probably work without any further email configuration, but you'd have to configure some server service (pop/imap/webmail) to be able to access the emails from a standard email client or browser - or, you can just use the 'user friendly' "mail" from a command line.
Instead, you can configure your server to send email through an external email server ("smarthost"). If you use a debian-based distro with exim4, you can configure this with "dpkg-reconfigure exim4-config" (here's an example on how to use gmail as the smarthost:
http://islandlinux.org/howto/configu...il-smtp-server ).
BR,
Joao S Veiga
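
Added example, not part of the original post: a Python parser for the audit lines in the format shown above, which also folds syslog's "last message repeated N times" lines back into the preceding event and splits the arguments per operation (mode and path for open, two paths for rename). The sample lines are constructed from the log excerpt in the post; the function names and the user|ip prefix layout are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the post's format; audit lines end with a trailing space.
P = "zulu smbd[25877]: jsveiga|192.168.168.150|"
SAMPLE = [
    f"Apr 30 09:35:45 {P}mkdir|ok|New folder ",
    f"Apr 30 09:35:47 {P}rename|ok|./New folder|./Test ",
    f"Apr 30 09:35:47 {P}open|ok|r|. ",
    "Apr 30 09:35:47 zulu last message repeated 2 times",
    f"Apr 30 09:35:52 {P}open|ok|w|Test/New Text Document.txt ",
    f"Apr 30 09:35:58 {P}unlink|ok|Test/sss.txt ",
    "Apr 30 09:36:01 zulu cron[311]: unrelated line, ignored",
]
HEADER = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")
AUDIT = re.compile(r"^smbd\[\d+\]: (.*?) ?$")  # drops the one trailing space
REPEAT = re.compile(r"^last message repeated (\d+) times\s*$")

def parse_audit(lines):
    """Return one dict per audit event; 'count' includes syslog repeats.
    For open, the r/w mode that precedes the path is split off into 'mode'."""
    events, last = [], {}  # last: host -> most recent audit event, or None
    for raw in lines:
        if not (m := HEADER.match(raw.rstrip("\n"))):
            continue
        ts, host, rest = m.groups()
        if rep := REPEAT.match(rest):  # syslog collapsed identical lines
            if last.get(host):
                last[host]["count"] += int(rep.group(1))
            continue
        last[host] = None  # any other line ends the repeat chain
        parts = a.group(1).split("|", 4) if (a := AUDIT.match(rest)) else []
        if len(parts) < 5:
            continue
        user, ip, op, result, args = parts
        mode, args = args.split("|", 1) if op == "open" and "|" in args else (None, args)
        paths = args.split("|") if op == "rename" else [args]
        ev = dict(time=ts, user=user, ip=ip, op=op, result=result,
                  mode=mode, paths=paths, count=1)
        events.append(ev)
        last[host] = ev
    return events

def changes(events):
    """Count modifying operations (write-open, mkdir, rename, unlink)."""
    c = Counter()
    for e in events:
        if e["op"] != "open" or e["mode"] == "w":
            c[(e["user"], e["ip"], e["op"])] += e["count"]
    return c
```

A line-by-line matcher that only looks for smbd entries sees one event where syslog has collapsed several identical ones; the count field here restores that number.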