Samba user login history (who done it?)

[Dunx]

I have a Samba PDC oin my network that is working great. I use Squid as my proxy and have SquidGuard to block porn seeing as this network is a school.

SquidGuard does sometimes let stuff through and I would like to track down who is visiting porn sites. I can figure out the IP number of the PC and what time the site was visited (Sarg gives great log analysis), but how do I find out who was logged in at that time?

Thanks for any help

[Dunx]

I have just set the following in my smb.conf file which will allow me to follow who has logged in on what day and when they logged out.

debug uid = Yes

Is there any way to find this out for the past few days when I did not have this set?

Another thing, is there a log file analysis app that is going to make my life much easier in this regard.

Thanks

[swemic]

I'm not 100% sure, but I think that you'll see in Proxy logfiles who is logged in. And the logfiles are just the similar syntax as in Apache logfile. Where one of the columns should have an userid.

[Dunx]

The proxy log files stored in /var/log/samba/log.??? only now contain user info since setting

debug uid = Yes

I know you can see current logged in users using
$ smbstatus -b
for a brief listing
But are these records stored elsewhere? (I think at this point it seems to be wishful thiking)

Other point, any ideas on a log file analiser?

[swemic]

No, they are usually at /var/log/squid/
There you will have all sets of logging from Squid.

[swemic]

Just to make my point here, you wish to have controll of which user that has authenticated with your squid been "surfing" around the net, right?
Then your logfile(s) is the Squid logging, and in somewhat might be so that you whish to check out the SquidGuard logfiles as well,
which are at /var/log/squidguard/
So you will not much have a clue on which user did what on the net by scanning the samba logs, unless you have a real-time logging/supervission function

[Dunx]

swemic
Thanks for you responses but I have been looking in the Samba log files because users authenticate themselves on the network and then are free to use the internet. I do not have another password fill in for when they open their browsers and start surfing because that seems like micro-managing.

For internet and other user tracking I wanted to know who was logged in when something happened and the ideal place to find that is in Samba (which I now have set up). Perhaps I should add authentication to squid how to set that up so that it uses the same passwords....

[swemic]

Have not done it my self, but yes, you should be able to authenticate Squid via Smb. And the you would have a much better tracking on who is where.