|
|
@ -90,10 +90,16 @@ while (defined(my $line=$tail->read)){ |
|
|
|
} |
|
|
|
} |
|
|
|
my @other = split /\|/, $line; |
|
|
|
my @other = split /\|/, $line; |
|
|
|
|
|
|
|
|
|
|
|
if (($action eq 'opendir') || ($action eq 'rmdir') || ($action eq 'mkdir') || ($action eq 'unlink')){ |
|
|
|
if ($action eq 'opendir'){ |
|
|
|
# Oct 12 17:20:24 sme8 smbd[11176]: admin|192.168.7.50|pc10-45|intranet|opendir|ok|./ |
|
|
|
# Oct 12 17:20:24 sme8 smbd[11176]: admin|192.168.7.50|pc10-45|intranet|opendir|ok|./ |
|
|
|
$status = $other[5]; |
|
|
|
$status = $other[5]; |
|
|
|
$file_src = $other[6]; |
|
|
|
$file_src = $other[6]; |
|
|
|
|
|
|
|
$access_mode = 'r'; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
elsif (($action eq 'rmdir') || ($action eq 'mkdir') || ($action eq 'unlink')){ |
|
|
|
|
|
|
|
$status = $other[5]; |
|
|
|
|
|
|
|
$file_src = $other[6]; |
|
|
|
|
|
|
|
$access_mode = 'w'; |
|
|
|
} |
|
|
|
} |
|
|
|
elsif ($action eq 'open'){ |
|
|
|
elsif ($action eq 'open'){ |
|
|
|
# Oct 12 17:20:28 sme8 smbd[11176]: admin|192.168.7.50|pc10-45|intranet|open|ok|r|Nouveau document |
|
|
|
# Oct 12 17:20:28 sme8 smbd[11176]: admin|192.168.7.50|pc10-45|intranet|open|ok|r|Nouveau document |
|
|
@ -106,6 +112,7 @@ while (defined(my $line=$tail->read)){ |
|
|
|
$status = $other[5]; |
|
|
|
$status = $other[5]; |
|
|
|
$file_src = $other[6]; |
|
|
|
$file_src = $other[6]; |
|
|
|
$file_dst = $other[7]; |
|
|
|
$file_dst = $other[7]; |
|
|
|
|
|
|
|
$access_mode = 'w'; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
my ($sec,$min,$hour,$day,$mon,$year) = localtime; |
|
|
|
my ($sec,$min,$hour,$day,$mon,$year) = localtime; |
|
|
@ -122,7 +129,7 @@ while (defined(my $line=$tail->read)){ |
|
|
|
$client_name = mysql_escape($client_name); |
|
|
|
$client_name = mysql_escape($client_name); |
|
|
|
$share = mysql_escape($share); |
|
|
|
$share = mysql_escape($share); |
|
|
|
$action = mysql_escape($action); |
|
|
|
$action = mysql_escape($action); |
|
|
|
$access_mode = mysql_escape($access_mode) if (defined $access_mode); |
|
|
|
$access_mode = mysql_escape($access_mode); |
|
|
|
$status = mysql_escape($status); |
|
|
|
$status = mysql_escape($status); |
|
|
|
$file_src = mysql_escape($file_src); |
|
|
|
$file_src = mysql_escape($file_src); |
|
|
|
$file_dst = mysql_escape($file_dst) if (defined $file_dst); |
|
|
|
$file_dst = mysql_escape($file_dst) if (defined $file_dst); |
|
|
@ -134,8 +141,7 @@ while (defined(my $line=$tail->read)){ |
|
|
|
if ($opts{debug} ge 2){ |
|
|
|
if ($opts{debug} ge 2){ |
|
|
|
my $msg = "New audit entry:\ndate: $date\nhour: $time\nusername: $username\n". |
|
|
|
my $msg = "New audit entry:\ndate: $date\nhour: $time\nusername: $username\n". |
|
|
|
"client_ip: $client_ip\nclient_name: $client_name\nshare: $share\n". |
|
|
|
"client_ip: $client_ip\nclient_name: $client_name\nshare: $share\n". |
|
|
|
"action: $action\nstatus: $status\nfile_src: $file_src"; |
|
|
|
"action: $action\nstatus: $status\nfile_src: $file_src\naccess_mode: $access_mode"; |
|
|
|
$msg .= "\naccess_mode: $access_mode" if (defined $access_mode); |
|
|
|
|
|
|
|
$msg .= "\nfile_dst: $file_dst" if (defined $file_dst); |
|
|
|
$msg .= "\nfile_dst: $file_dst" if (defined $file_dst); |
|
|
|
$msg .= "\n"; |
|
|
|
$msg .= "\n"; |
|
|
|
printlog($msg); |
|
|
|
printlog($msg); |
|
|
@ -143,13 +149,11 @@ while (defined(my $line=$tail->read)){ |
|
|
|
|
|
|
|
|
|
|
|
my $q = "INSERT INTO audit ". |
|
|
|
my $q = "INSERT INTO audit ". |
|
|
|
"(samba_host,date_day,date_time,username,client_ip,client_name,". |
|
|
|
"(samba_host,date_day,date_time,username,client_ip,client_name,". |
|
|
|
"action,"; |
|
|
|
"action,access_mode,"; |
|
|
|
$q .= "access_mode," if (defined $access_mode); |
|
|
|
|
|
|
|
$q .= "status,share,file_src"; |
|
|
|
$q .= "status,share,file_src"; |
|
|
|
$q .= ",file_dst" if (defined $file_dst); |
|
|
|
$q .= ",file_dst" if (defined $file_dst); |
|
|
|
$q .= ") VALUES('$host','$date','$time','$username','$client_ip','$client_name',". |
|
|
|
$q .= ") VALUES('$host','$date','$time','$username','$client_ip','$client_name',". |
|
|
|
"'$action'"; |
|
|
|
"'$action','$access_mode'"; |
|
|
|
$q .= ",'$access_mode'" if (defined $access_mode); |
|
|
|
|
|
|
|
$q .= ",'$status','$share','$file_src'"; |
|
|
|
$q .= ",'$status','$share','$file_src'"; |
|
|
|
$q .= ",'$file_dst'" if (defined $file_dst); |
|
|
|
$q .= ",'$file_dst'" if (defined $file_dst); |
|
|
|
$q .= ")"; |
|
|
|
$q .= ")"; |
|
|
|
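Review bot: Making `$access_mode = mysql_escape($access_mode);` and the `'$access_mode'` value in the INSERT unconditional assumes every action branch assigns it. The hunks shown only set it for opendir, for rmdir/mkdir/unlink, and for the branch that also fills `$file_dst`; the `open` branch and any other actions continue outside the visible lines. If one of them, or a truncated log line, leaves it undefined, the row is written with an empty access_mode and only an uninitialized-value warning marks the gap, which weakens the audit trail. A check before the escaping step, such as `unless (defined $access_mode) { printlog("unparsed audit line: $line"); next; }`, would make the gap visible instead. Separately, the statement is still assembled by interpolating values that originate from SMB clients (user name, client name, file names), so its safety rests entirely on `mysql_escape`; if the database handle is DBI (not visible here), binding the values through `?` placeholders would remove that dependency.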