Subject: | |
From: | |
Reply To: | |
Date: | Wed, 22 Dec 2004 14:47:51 +0100 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
PROBLEM
With samba 3.0 the log format changed a bit and logwatch has not been
updated to reflect this. You get lots of logs like this from logwatch:
smbd/service.c:make_connection_snum(648) joakims (192.168.33.44) connect
to service joakims initially as user joakims (uid=1001, gid=100) (pid
6097) : 1 Time(s)
SOLUTION
Edit /etc/log.d/scripts/services/samba according to the following:
diff /etc/log.d/scripts/services/samba.orig
/etc/log.d/scripts/services/samba
46c46
< } elsif ( ($Host, $Service, $User) = ( $ThisLine =~ /([^ ]+ \([^
]+\)) connect to service ([^ ]+) as user ([^ ]+)/ ) ) {
---
> } elsif ( ($Host, $Service, $User) = ( $ThisLine =~ /([^ ]+ \([^
]+\))(?: signed)? connect to service ([^ ]+) initially as user ([^ ]+)/
) ) {
DETAILS
Logging code from
http://cvs.samba.org/cgi-bin/cvsweb/samba/source/smbd/service.c?rev=1.12
2.2.9&content-type=text/x-cvsweb-markup
if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) {
dbgtext( "%s (%s) ", get_remote_machine_name(),
conn->client_address );
dbgtext( "%s", srv_is_signing_active() ? "signed " : "");
dbgtext( "connect to service %s ",
lp_servicename(SNUM(conn)) );
dbgtext( "initially as user %s ", user );
dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(),
(int)getegid() );
dbgtext( "(pid %d)\n", (int)sys_getpid() );
}
The latest unstable logwatch has an ignore line for this which is not
exacly what you would want:
($ThisLine =~ /smbd\/service.c:make_connection_snum\(\d+\) .+
connect to service .+ initially as user/) or
/// joakim
|
|
|