Find the answer to your Linux question:
Results 1 to 8 of 8
I have a Samba PDC oin my network that is working great. I use Squid as my proxy and have SquidGuard to block porn seeing as this network is a ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Aug 2004
    Location
    South Africa
    Posts
    17

    Samba user login history (who done it?)


    I have a Samba PDC oin my network that is working great. I use Squid as my proxy and have SquidGuard to block porn seeing as this network is a school.

    SquidGuard does sometimes let stuff through and I would like to track down who is visiting porn sites. I can figure out the IP number of the PC and what time the site was visited (Sarg gives great log analysis), but how do I find out who was logged in at that time?

    Thanks for any help

  2. #2
    Just Joined!
    Join Date
    Aug 2004
    Location
    South Africa
    Posts
    17
    I have just set the following in my smb.conf file which will allow me to follow who has logged in on what day and when they logged out.

    debug uid = Yes

    Is there any way to find this out for the past few days when I did not have this set?

    Another thing, is there a log file analysis app that is going to make my life much easier in this regard.

    Thanks

  3. #3
    Linux Enthusiast
    Join Date
    Feb 2005
    Location
    SE, Stockholm
    Posts
    512
    I'm not 100% sure, but I think that you'll see in Proxy logfiles who is logged in. And the logfiles are just the similar syntax as in Apache logfile. Where one of the columns should have an userid.

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Aug 2004
    Location
    South Africa
    Posts
    17
    The proxy log files stored in /var/log/samba/log.??? only now contain user info since setting

    debug uid = Yes

    I know you can see current logged in users using
    $ smbstatus -b
    for a brief listing
    But are these records stored elsewhere? (I think at this point it seems to be wishful thiking)

    Other point, any ideas on a log file analiser?

  6. #5
    Linux Enthusiast
    Join Date
    Feb 2005
    Location
    SE, Stockholm
    Posts
    512
    No, they are usually at /var/log/squid/
    There you will have all sets of logging from Squid.

  7. #6
    Linux Enthusiast
    Join Date
    Feb 2005
    Location
    SE, Stockholm
    Posts
    512
    Just to make my point here, you wish to have controll of which user that has authenticated with your squid been "surfing" around the net, right?
    Then your logfile(s) is the Squid logging, and in somewhat might be so that you whish to check out the SquidGuard logfiles as well,
    which are at /var/log/squidguard/
    So you will not much have a clue on which user did what on the net by scanning the samba logs, unless you have a real-time logging/supervission function

  8. #7
    Just Joined!
    Join Date
    Aug 2004
    Location
    South Africa
    Posts
    17
    swemic
    Thanks for you responses but I have been looking in the Samba log files because users authenticate themselves on the network and then are free to use the internet. I do not have another password fill in for when they open their browsers and start surfing because that seems like micro-managing.

    For internet and other user tracking I wanted to know who was logged in when something happened and the ideal place to find that is in Samba (which I now have set up). Perhaps I should add authentication to squid how to set that up so that it uses the same passwords....

  9. #8
    Linux Enthusiast
    Join Date
    Feb 2005
    Location
    SE, Stockholm
    Posts
    512
    Have not done it my self, but yes, you should be able to authenticate Squid via Smb. And the you would have a much better tracking on who is where.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •