Hi All,
*
Currently we are using Samba to access our share point on Linux server via a
windows workgroup. SELinux is enabled and everything works fine.
*
What I would like is a log file of all the files accessed. If the log file
logs IP address, user and application that would be great however just a log
of which files where access and a date/time stamp would be ample.
*
*I've searched all over the net and can't find a simple "How To" using SELinux
to allow for logging all file activity, in fact I can't find anything.
*
*Many thanks for any help anyone is able to offer. I'm absolutely sure someone
has tackled this issue and it may be as simple as starting up the right
service.
*
*Version of Linux Fedora Core 5 straight out the box.
*
*Regards,
*George Shafik

..that explains one possible way. Though I'm not saying it's practical in any way for a long period watching, but..that's a start. lsof shows which files are open, read for more information.

p.S. I'm sure somebody has a way better way..

I don't know how to do this with SELinux, but you can try something like this for a more portable version that won't give you username/IP addresses information:

find /samba/share/point -mtime 0 -print0 | xargs -0 ls -al > access_log

This will give you a list of all files modified in the past 24 hours. Check out the man pages for find to see all of the options for time and date ranges if you would rather keep logs every hour, every three hours, etc.

Many thanks "abegetchell" this will do the job.

Thanks for the quick response it is greatly appreciated.

Kind Regards,
George Shafik