From owner-freebsd-questions@FreeBSD.ORG Mon Oct 27 16:45:44 2003
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 24B2416A609
	for ; Mon, 27 Oct 2003 16:45:32 -0800 (PST)
Received: from svaha.com (svaha.com [64.46.156.67])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2472E44585
	for ; Mon, 27 Oct 2003 16:32:48 -0800 (PST)
	(envelope-from meconlen@obfuscated.net)
Received: from [192.168.1.69] (653262hfc196.tampabay.rr.com [65.32.62.196])
	(AUTH: LOGIN meconlen, TLS: TLSv1/SSLv3,128bits,RC4-SHA)
	by svaha.com with esmtp; Mon, 27 Oct 2003 19:32:46 -0500
In-Reply-To: <20031027113545.GB11587@happy-idiot-talk.infracaninophile.co.uk>
References: <000c01c39c3e$72c47950$fe01a8c0@JMICH>
	<20031027113545.GB11587@happy-idiot-talk.infracaninophile.co.uk>
Mime-Version: 1.0 (Apple Message framework v606)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <3EC1A985-08DE-11D8-93C8-00039367611E@obfuscated.net>
Content-Transfer-Encoding: 7bit
From: Michael E Conlen
Date: Mon, 27 Oct 2003 19:32:43 -0500
To: Matthew Seaman
X-Mailer: Apple Mail (2.606)
cc: chael@southgate.ph.inter.net
cc: freebsd-questions@freebsd.org
Subject: Re: Log every access to a file
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 28 Oct 2003 00:45:45 -0000

You patch the open() call in the kernel to log messages to syslog. I've
got patches for the kernel to log exec() but not open(). It's fairly
trivial once you see it in action.

--
Michael Conlen

On Oct 27, 2003, at 6:35 AM, Matthew Seaman wrote:

> On Mon, Oct 27, 2003 at 11:57:31AM +0800, chael@southgate.ph.inter.net
> wrote:
>
>> How do you create/add a system log to monitor every access to a
>> specific file (say a database file accessed through samba)? A sample
>> line for syslog.conf would be greatly appreciated ?? :-)
>
> Syslog.conf doesn't work that way: application processes themselves
> decide what log messages to generate and pass them to syslogd(8).
> syslogd(8) then takes care of writing those log messages into the log
> files, together with timestamps and other administrivia as required.
> /etc/syslog.conf is all about directing that flow of messages into the
> appropriate files categorized by priority and by what application made
> them.
>
> Samba has extensive logging capabilities itself -- which generally
> bypass syslog entirely, although there are options available to use
> syslog. It will certainly log who is accessing the server and from
> what machines. I don't think it has the capability to monitor
> accesses down to the level of a particular file though, but read the
> manuals carefully to be sure.
>
> If you really need to log all accesses to the file, then probably your
> best bet is to only make the file available via a web interface, which
> can be set to require passwords before it will allow access and will
> supply the logs you require. Alternatively, databases such as
> postgres or mysql can keep detailed logs of all queries run against
> them.
>
> Cheers,
>
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
>                                                       Savill Way
> PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
> Tel: +44 1628 476614                                  Bucks., SL7 1TH
>                                                       UK
>
--
Michael Conlen
meconlen@obfuscated.net
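
An added example, not part of the original messages: the point in the quoted reply that the application generates the record and syslog.conf only routes it, shown as a userland open(2) wrapper reporting through syslog(3). The watched path, the `fileaccess` tag, the local3 facility, the log file name and the function names are assumptions for illustration; unlike the kernel patch described above, it only sees opens that go through the wrapper.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* Assumption: path of the file whose opens should be recorded. */
#define WATCHED_PATH "/tmp/watched-example.db"

/* Render the O_ACCMODE bits as text for the record. */
static const char *access_mode(int flags)
{
    switch (flags & O_ACCMODE) {
    case O_RDONLY: return "read";
    case O_WRONLY: return "write";
    case O_RDWR:   return "read+write";
    default:       return "unknown";
    }
}

/* Build one record; returns its length, or -1 if buf is too small. */
int format_access_record(char *buf, size_t len, const char *path,
                         int flags, long uid, int fd)
{
    int n = snprintf(buf, len, "open path=%s mode=%s uid=%ld result=%s",
                     path, access_mode(flags), uid, fd < 0 ? "failed" : "ok");
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* open(2) wrapper: the application, not syslogd, decides what to report. */
int logged_open(const char *path, int flags, mode_t mode)
{
    int fd = open(path, flags, mode);
    char rec[512];
    if (strcmp(path, WATCHED_PATH) == 0 &&
        format_access_record(rec, sizeof rec, path, flags, (long)getuid(), fd) >= 0)
        syslog(LOG_LOCAL3 | LOG_NOTICE, "%s", rec); /* fixed format string */
    return fd;
}

/* Matching /etc/syslog.conf line (local3 and the file name are assumptions):
 *     local3.notice    /var/log/fileaccess.log */
int main(void)
{
    openlog("fileaccess", LOG_PID, LOG_LOCAL3);
    int fd = logged_open(WATCHED_PATH, O_RDWR | O_CREAT, 0600);
    if (fd >= 0) close(fd);
    closelog();
    return 0;
}
```

Failed opens are logged as well as successful ones, since denied attempts on a watched file are usually the records an auditor wants most.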