LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 07-19-2004, 08:23 PM   #1
kenji1903
Member
 
Registered: Apr 2004
Location: M'sia, Aus, Chn
Distribution: Redhat Linux 8 & 9, Fedora Core 2, XP
Posts: 301

Rep: Reputation: 30
Cool Tracing which user logs onto which PC


G'day~

I am just wondering whether is it possible to trace which user logs onto which PC on a network. Any log files that I should be looking at?
I only know that Samba's log files are stored in /var/log/samba and I have basically looked at most of them but they do not seem to contain the info i am looking for...

My system is a RH9 running Samba acting as the PDC with Windows XP boxes as clients.

I am trying to hook up Nagios though... this program really needs some serious configuration in order to work!

Alrighty, thanks in advance~

~WiLL~
 
Old 07-19-2004, 09:16 PM   #2
AltF4
Member
 
Registered: Sep 2002
Location: .at
Distribution: SuSE, Knoppix
Posts: 532

Rep: Reputation: 31
1) check /var/log/messages for logins
2) use the "last" command (man last)
3) install the accounting package (man accton)
 
Old 07-19-2004, 10:49 PM   #3
jpat1023
Member
 
Registered: Oct 2003
Location: USA
Distribution: Red Hat 9, Ubuntu 10; Windows Server 2003 and XP
Posts: 34

Rep: Reputation: 15
I agree Nagios does take some serious configuration to get going, but if you just do a little reading on the instructions its not that bad. And once you get it going it's great.
 
Old 07-20-2004, 02:12 AM   #4
kenji1903
Member
 
Registered: Apr 2004
Location: M'sia, Aus, Chn
Distribution: Redhat Linux 8 & 9, Fedora Core 2, XP
Posts: 301

Original Poster
Rep: Reputation: 30
Thanks for the prompt reply~

Here is my results, maybe you can give me more advice:
1) last few lines of my /var/log/messages
Code:
Jul 20 15:05:22 redhat32 smbd[4888]: [2004/07/20 15:05:22, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1397) 
Jul 20 15:05:22 redhat32 smbd[4888]:   failed to decode PDU 
Jul 20 15:05:22 redhat32 smbd[4888]: [2004/07/20 15:05:22, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605) 
Jul 20 15:05:22 redhat32 smbd[4888]:   process_request_pdu: failed to do schannel processing. 
Jul 20 15:05:23 redhat32 smbd[4888]: [2004/07/20 15:05:23, 0] smbd/service.c:set_current_service(56) 
Jul 20 15:05:23 redhat32 smbd[4888]:   chdir (/home/samba/netlogon) failed 
Jul 20 15:05:24 redhat32 smbd[4888]: [2004/07/20 15:05:24, 0] smbd/service.c:set_current_service(56) 
Jul 20 15:05:24 redhat32 smbd[4888]:   chdir (/home/samba/netlogon) failed 
Jul 20 15:05:33 redhat32 smbd[4888]: [2004/07/20 15:05:33, 0] rpc_server/srv_util.c:get_domain_user_groups(376) 
Jul 20 15:05:33 redhat32 smbd[4888]:   get_domain_user_groups: primary gid of user [redhat32admin] is not a Domain group ! 
Jul 20 15:05:33 redhat32 smbd[4888]:   get_domain_user_groups: You should fix it, NT doesn't like that
OK, whats PDU? My netlogon is set to 0770...
Whats with the last 2 lines? Sounds funny

2) last seems to only show users that log into the server not the XP machines...

3) I do not have an accton, what is it anyway?

CheerS~
 
Old 07-20-2004, 02:14 AM   #5
kenji1903
Member
 
Registered: Apr 2004
Location: M'sia, Aus, Chn
Distribution: Redhat Linux 8 & 9, Fedora Core 2, XP
Posts: 301

Original Poster
Rep: Reputation: 30
Thanks, jpat1023
 
Old 07-20-2004, 09:16 PM   #6
kenji1903
Member
 
Registered: Apr 2004
Location: M'sia, Aus, Chn
Distribution: Redhat Linux 8 & 9, Fedora Core 2, XP
Posts: 301

Original Poster
Rep: Reputation: 30
*bump*
 
Old 07-21-2004, 10:58 PM   #7
kenji1903
Member
 
Registered: Apr 2004
Location: M'sia, Aus, Chn
Distribution: Redhat Linux 8 & 9, Fedora Core 2, XP
Posts: 301

Original Poster
Rep: Reputation: 30
can anybody lend a hand with my problem here?

Thanks in advance~
 
Old 08-03-2004, 10:01 AM   #8
kenji1903
Member
 
Registered: Apr 2004
Location: M'sia, Aus, Chn
Distribution: Redhat Linux 8 & 9, Fedora Core 2, XP
Posts: 301

Original Poster
Rep: Reputation: 30
I thought of a way, just want some advice on this~

smbstatus is very useful in this sense since it outputs the username, group and machine logged onto the server...
i was thinking of using cron to periodically porting the output of smbstatus to a file.
Can anyone give me a hint on how this could be done?

I reckon that there is a better way of doing this, any suggestions welcome
 
Old 08-03-2004, 10:43 AM   #9
BrianWGray
Member
 
Registered: Oct 2003
Posts: 54

Rep: Reputation: 15
I think that this will be very helpful to you.

http://www.linuxjournal.com/article.php?sid=7251
 
Old 08-03-2004, 11:00 AM   #10
kenji1903
Member
 
Registered: Apr 2004
Location: M'sia, Aus, Chn
Distribution: Redhat Linux 8 & 9, Fedora Core 2, XP
Posts: 301

Original Poster
Rep: Reputation: 30
The site looks promising... Thanks~

Last edited by kenji1903; 08-05-2004 at 10:27 PM.
 
Old 08-05-2004, 10:28 PM   #11
kenji1903
Member
 
Registered: Apr 2004
Location: M'sia, Aus, Chn
Distribution: Redhat Linux 8 & 9, Fedora Core 2, XP
Posts: 301

Original Poster
Rep: Reputation: 30
Tried the code that was on the site, modified the srv_netlog_nt.c in Samba, got errors when i execute the make command... I am bad programmer

Did you manage to get it to work, BrianWGray?
 
Old 08-06-2004, 10:03 AM   #12
BrianWGray
Member
 
Registered: Oct 2003
Posts: 54

Rep: Reputation: 15
Honesty

I have to be honest, I use a windows advanced server as my domain controller. I have no need for the logs on the samba boxes because they authenticate to the domain controller every time they need to allow access.

I'm working on phasing out the windows servers so when I get to that stage I'll be sure to update my post. That won't be for a few months though.
 
Old 08-06-2004, 10:59 PM   #13
kenji1903
Member
 
Registered: Apr 2004
Location: M'sia, Aus, Chn
Distribution: Redhat Linux 8 & 9, Fedora Core 2, XP
Posts: 301

Original Poster
Rep: Reputation: 30
I see... does windows advanced server have an option to enable a log file of users logging on/off the server?

No worries mate, I will be waiting for your updates!

Thanks for the hints~
 
Old 09-13-2004, 10:04 AM   #14
ter_roshak
Member
 
Registered: May 2001
Location: Everett, WA
Distribution: Gentoo, RedHat
Posts: 102

Rep: Reputation: 15
I have implemented a couple of basic scripts that will log who is logged on to which machines throughout the day. The problem with what I have done is that Samba does not seem to recognize that the users have logged off very well... This problem is most evident when my log files show that people have logged on through the weekend when nobody was here.

This script runs every minute via cron and logs who is currently logged into the domain controller:

Code:
#!/bin/bash
#
# This shell script will list all of the Samba users currently on-line
# who have signed into this Domain Controller.
#
# This script will compile a list of users who have been logged on to
# specific machines throughout the day.
#
# Author:  Joshua Miller
# Date:    8/06/2004

CURDATE=`date +%m%d%Y-%H%M%S`
SUBNET='XXX.XXX'
SAVEFILE='/var/log/samba/smbusers.txt'

echo ""
echo "Username        Machine"
echo "-------------------------------"
smbstatus | grep $SUBNET | awk '{printf "%s    \t%s\n", $2, $4}' | sort -u | tee -a $SAVEFILE

echo "-------------------------------"
echo "Number of Users On-Line: "
smbstatus | grep $SUBNET | awk '{print $2}' | sort -u | wc -l
echo ""

# Do not store duplicate name/machine pairs in the file - save space
cat $SAVEFILE | sort -u > $SAVEFILE
Then, I have a script that runs daily to create a log of the users who have logged into each machine for that day. With the date setup that I have used, it is actually data for the previous day.

Code:
#!/bin/bash

CURDATE=`date +%m%d%Y`
SAVEFILE='/var/log/samba/smbusers.txt'
TEMPFILE='/var/log/samba/tmpusers.txt'

sort -u $SAVEFILE > $TEMPFILE

cp $TEMPFILE /var/log/samba/umlogs/$CURDATE-smbusers.txt
I am trying to figure out how to get Samba to logoff users more accurately, but until then, this is the best that I have. I hope that this helps.

Josh
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
tracing the logs from a dialup users nhoelle_18 Linux - Networking 0 06-01-2005 06:15 AM
Firefox logs user out? Where are error logs? case1984 Linux - General 0 10-09-2004 02:22 PM
User action tracing atlantislim Linux - Security 6 08-26-2002 08:57 PM
tracking user,when logs in godwin_73 Linux - Networking 1 03-06-2002 05:07 PM
c prog that logs user off... acromi Programming 11 02-05-2002 11:54 PM


All times are GMT -5. The time now is 11:02 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration