LinuxQuestions.org


efciem 05-15-2010 09:35 AM

[SAMBA] How to track Windows user access, create files / modify files on Linux SMB
 
Hello,

I have a SAMBA server set up on a Fedora box in my office; I will be using it to share out company documents.

I am looking for a way to log SMB client connections from Windows workstations (each employee has an account that they authenticate with; they have a Linux username that is equal to their Windows username, which they use to auth to the Linux SMB shares).

I would like to log a.) when a particular user creates a file or folder on the share, b.) when a user deletes a file or folder from the share, and c.) when a user modifies an existing file or folder on the share...


Does anyone know what I could do to enable logging to log all these things? I can create a script to parse out the details from a log if it can be captured.

In fact, even a method of logging when a user accesses a folder or file would be sufficient, as I can track file creation and file modification already and can script a date/time comparison to join the access log statements with the file change report information.


I hope that's a clear enough description; I sure could use some help.

Thanks

marozsas 05-15-2010 01:42 PM

Samba has an audit module that I think can do what you want.
For example, in my installation, a typical output is:
Code:

May  7 13:05:26 bigslam smbd_audit: tatiane.falasca|192.168.160.24|stc-081|rh|unlink|ok|RECURSOS HUMANOS/volume03.doc
May  3 18:16:59 bigslam smbd_audit: erika|192.168.160.126|stc-057|at|open|ok|r|2010/Doctos scanneados/CTPS Paulo 3.JPG
May  3 18:16:59 bigslam smbd_audit: erika|192.168.160.126|stc-057|at|pwrite|ok|2010/Doctos scanneados/B5a00196
May  3 18:16:59 bigslam smbd_audit: erika|192.168.160.126|stc-057|at|rename|ok|2010/Doctos scanneados/Registro Paulo.zip|Lixeira/2010/Doctos scanneados/Copy #4 of Registro Paulo.zip

In this output you can see the date, the server name, the samba auditing module name, the user name, the IP of the Windows client, the Windows machine name, the name of the samba share (in this case, "rh" and "at"), the operation (which could be mkdir, rename, unlink, rmdir, open, and pwrite), the status of the operation (and the open mode), and finally, the name of the file in the share.

To use it, install the samba audit module, and in the smb.conf, in a share definition:
Code:

...
[Marketing]
        comment = Marketing
        path = ...
        valid users = ...
        vfs objects = full_audit
        full_audit:failure = none
        full_audit:success = mkdir rename unlink rmdir open pwrite
        full_audit:prefix = %u|%I|%m|%S

...

There are some more options in this module, but you got the idea.
I hope it helps.
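
A parser for the smbd_audit line format shown in the post above, as an added example that is not part of the original thread. It assumes the `full_audit:prefix = %u|%I|%m|%S` setting from that post and a standard syslog timestamp and host; the sample lines, the `Event` fields and the create/delete/modify/access grouping are constructed for this example.

```python
import re
from collections import Counter, namedtuple

# Constructed sample lines in the format shown above (prefix = %u|%I|%m|%S).
SAMPLE = """\
May  7 13:05:26 fileserver smbd_audit: alice|192.0.2.24|ws-081|rh|unlink|ok|HR/volume03.doc
May  3 18:16:59 fileserver smbd_audit: bob|192.0.2.126|ws-057|at|open|ok|r|2010/scans/card 3.JPG
May  3 18:16:59 fileserver smbd_audit: bob|192.0.2.126|ws-057|at|pwrite|ok|2010/scans/B5a00196
May  3 18:17:02 fileserver smbd_audit: bob|192.0.2.126|ws-057|at|rename|ok|2010/scans/a.zip|Trash/2010/scans/a.zip
May  3 18:17:05 fileserver smbd_audit: bob|192.0.2.126|ws-057|at|mkdir|ok|2010/new folder
May  3 18:17:09 fileserver sshd[311]: unrelated line that must be skipped
"""

Event = namedtuple(
    "Event", "when host user ip machine share op status mode path new_path category")

# Syslog timestamp, host, then the audit payload after the module tag.
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) smbd_audit: (.*)$")
# Grouping operations into these categories is this example's choice.
CATEGORY = {"mkdir": "create", "unlink": "delete", "rmdir": "delete",
            "pwrite": "modify", "rename": "modify", "open": "access"}

def parse_line(line):
    """Return an Event for one smbd_audit line, or None if it is not one."""
    m = LINE.match(line.rstrip("\n"))
    if not m:
        return None
    when, host, payload = m.groups()
    # Four prefix fields, then operation and status; the rest is op-specific.
    parts = payload.split("|", 6)
    if len(parts) < 7:
        return None
    user, ip, machine, share, op, status, rest = parts
    mode = new_path = None
    if op == "open":
        # open carries the open mode before the file name
        mode, _, path = rest.partition("|")
    elif op == "rename":
        # Ambiguous if a name itself contains "|"; split at the first one.
        path, _, new_path = rest.partition("|")
    else:
        path = rest
    return Event(when, host, user, ip, machine, share, op, status,
                 mode, path, new_path, CATEGORY.get(op, "other"))

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def summarize(events):
    """Count events per (user, category) pair."""
    return Counter((e.user, e.category) for e in events)
```

If `full_audit:prefix` is changed, the number of leading fields in `parse_line` has to change with it.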

efciem 05-16-2010 08:45 AM

Thanks,
That was exactly what I was looking for.

I owe you, thanks again.

