# how to track files in on Samba



## eugiin (Jul 9, 2010)

hi guys
I'm new to freebsd  and I've set up a server but i'm facing a new problem.
Is it possible to track the files/folders that are on the share. For example i need to know who is accessing what file and what they have done to it? are they saving it to thier folder and so on please help .... its quite urgent.
thanks in advance..


----------



## SirDice (Jul 9, 2010)

You will need to set up security event auditing. This is not something you can simply turn on. It also requires quite a lot of administrative overhead.

Handbook: Chapter 17 Security Event Auditing


----------



## eugiin (Jul 14, 2010)

is that so I'll try reading it but is it possible for you to guide me through the hole thing or any help will be great at the moment I'm clueless at the moment. thanks a lot


----------



## chancey (Jul 14, 2010)

eugiin said:
			
		

> is that so I'll try reading it but is it possible for you to guide me through the hole thing or any help will be great at the moment I'm clueless at the moment. thanks a lot



I get the feeling what your trying to acheive is difficult because your using software ina  way that its not supposed to be used. Is there a specific reason you need real time auditing?

I'm not sure if this helps but you can use smbstatus to see the currently open file handles and whos doing what like:

```
[elliot@hades12 ~]$ smbstatus 

Samba version 3.4.7-58.fc12
PID     Username      Group         Machine                        
-------------------------------------------------------------------
32089     nobody        nobody        elliots-mac-pro (::ffff:192.168.1.50)
32090     nobody        nobody        elliots-mac-pro (::ffff:192.168.1.50)

Service      pid     machine       Connected at
-------------------------------------------------------
storage      32089   elliots-mac-pro  Wed Jul 14 19:26:32 2010
IPC$         32090   elliots-mac-pro  Wed Jul 14 19:26:32 2010

Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock           SharePath   Name   Time
--------------------------------------------------------------------------------------------------
32089        99         DENY_NONE  0x120089    RDONLY     NONE             /storage   TV Shows/MythBusters/Season 6/mythbusters.602.vob   Wed Jul 14 19:26:32 2010
```


----------



## eugiin (Jul 15, 2010)

thanks I'll try smstatus out but it is necessary for me. I just got into a new job but as a intern for now they told me to set up a server using freebsd and samba and i need to able to track down exactly who is doing what and so on i managed to do the samba share for over 30 staffs with different groups and permission level but i got suck on the tracking part. so any new or on topic hints and guides will do me good thanks a lot chancey if you can think of any other thing please let me know thanks in advance


----------



## chancey (Jul 15, 2010)

Took me about 2 minutes to find this on google:
http://www.linuxquestions.org/quest...reate-files-modify-files-on-linux-smb-808012/

You may find that the log files are difficult to find stuff ... I have in the past written simple php scripts that load the data into a mysql or postgres database where you can search and stat it easier.


----------



## tingo (Jul 18, 2010)

Perhaps they really should use a document management system instead?


----------

