Q&A: Can I Monitor User Operations on Shares?

#Question
Can I monitor user operations (read, write, delete) on shares?

Answer

Samba (and therefore UCS) provide several ways to get user operations logged.
Note: When logging user operations this way make sure to be compliant to privacy regulations!

  • Activate Kerberos logging (to be found in /var/log/samba/log.samba)
ucr set kerberos/defaults/debug=4
/etc/init.d/samba restart
  • Adjust Samba logging for auth component to /var/log/samba/*
    ucr set samba/debug/level="1 auth:4"
  • Use GPO-Logonscript to write a log entry on logon See this article.
  • Starting with UCS 4.3 there is an improve logging of authentication events.
  • Last there is a Samba-Modul