Date: Mon, 27 Oct 2003 19:32:43 -0500
From: Michael E Conlen <meconlen@obfuscated.net>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc: freebsd-questions@freebsd.org
Subject: Re: Log every access to a file
Message-ID: <3EC1A985-08DE-11D8-93C8-00039367611E@obfuscated.net>
In-Reply-To: <20031027113545.GB11587@happy-idiot-talk.infracaninophile.co.uk>
References: <000c01c39c3e$72c47950$fe01a8c0@JMICH> <20031027113545.GB11587@happy-idiot-talk.infracaninophile.co.uk>

You patch the open() call in the kernel to log messages to syslog. I've
got patches for the kernel to log exec() but not open(). It's fairly
trivial once you see it in action.

--
Michael Conlen

On Oct 27, 2003, at 6:35 AM, Matthew Seaman wrote:

> On Mon, Oct 27, 2003 at 11:57:31AM +0800, chael@southgate.ph.inter.net
> wrote:
>
>> How do you create/add a system log to monitor every access to a
>> specific file (say a database file accessed through samba)? A sample
>> line for syslog.conf would be greatly appreciated ?? :-)
>
> Syslog.conf doesn't work that way: application processes themselves
> decide what log messages to generate and pass them to syslogd(8).
> syslogd(8) then takes care of writing those log messages into the log
> files, together with timestamps and other administrivia as required.
> /etc/syslog.conf is all about directing that flow of messages into the
> appropriate files categorized by priority and by what application made
> them.
>
> Samba has extensive logging capabilities itself -- which generally
> bypass syslog entirely, although there are options available to use
> syslog. It will certainly log who is accessing the server and from
> what machines. I don't think it has the capability to monitor
> accesses down to the level of a particular file though, but read the
> manuals carefully to be sure.
>
> If you really need to log all accesses to the file, then probably your
> best bet is to only make the file available via a web interface, which
> can be set to require passwords before it will allow access and will
> supply the logs you require. Alternatively, databases such as
> postgres or mysql can keep detailed logs of all queries run against
> them.
>
> Cheers,
>
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
>                                                       Savill Way
> PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
> Tel: +44 1628 476614                                  Bucks., SL7 1TH
>                                                       UK
>

--
Michael Conlen
meconlen@obfuscated.net
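
The routing described in the quoted reply, as an added example that is not part of the original thread: a simplified Python model of how a message's facility and level are matched against syslog.conf selectors. The facility local3, the file paths and the sample configuration are constructed assumptions; only a message that some program chose to emit can be routed, so a plain file open produces nothing to match.

```python
# Added example: simplified model of syslog.conf selector matching.
# Models "fac1,fac2.level", "*", "none" and the "=" exact-level flag only;
# "!", "<", ">" flags and "!program" / "+host" blocks are not modelled.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample configuration; facility local3 and all paths are assumptions.
CONF = """
*.notice;authpriv.none        /var/log/messages
auth.info;authpriv.info       /var/log/auth.log
local3.=info                  /var/log/fileaccess.log
"""

def parse_selectors(field):
    """Map each facility named in a selector field to (level index, exact) or None."""
    mask = {}
    for selector in field.split(";"):
        facilities, _, level = selector.strip().rpartition(".")
        exact, level = level.startswith("="), level.lstrip("=")
        if level == "none":
            value = None                           # facility excluded on this line
        elif level == "*":
            value = (len(LEVELS) - 1, False)       # every level
        else:
            value = (LEVELS.index(level), exact)
        for facility in facilities.split(","):
            if facility == "*":
                mask.clear()                       # wildcard resets earlier entries
            mask[facility] = value
    return mask

def matches(mask, facility, level):
    """True if a message with this facility and level passes the selector field."""
    rule = mask.get(facility, mask.get("*"))
    if rule is None:
        return False
    threshold, exact = rule
    severity = LEVELS.index(level)                 # lower index = more severe
    return severity == threshold if exact else severity <= threshold

def route(conf_text, facility, level):
    """Return the action (destination) of every line that accepts the message."""
    actions = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            selectors, action = line.split(None, 1)
            if matches(parse_selectors(selectors), facility, level):
                actions.append(action)
    return actions

if __name__ == "__main__":
    print(route(CONF, "local3", "info"))
```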