3 Replies Latest reply: Apr 5, 2013 1:15 AM by John Lockwood
w_sinclair Level 1 Level 1 (0 points)

Is it possible to change or add more information into the log, e.g. 'username' or other variables?


OS X Server
  • 1. Re: AFP Access Log
    John Lockwood Level 5 Level 5 (5,370 points)

    w_sinclair wrote:

     

    Is it possible to change or add more information into the log, e.g. 'username' or other variables?

    No.

     

    As a result, and as you may be coming to the sad realisation, the log is almost completely useless as it requires an inordinate effort to trace back entries to a matching login (and hence user name).

  • 2. Re: AFP Access Log
    w_sinclair Level 1 Level 1 (0 points)

    Hi John,

     

    Do you know of any other products ot logging tools that can interogate the AFP process that provides more granular reporting or SysLog functions?

  • 3. Re: AFP Access Log
    John Lockwood Level 5 Level 5 (5,370 points)

    w_sinclair wrote:

     

    Hi John,

     

    Do you know of any other products ot logging tools that can interogate the AFP process that provides more granular reporting or SysLog functions?

    The only log you can get is the afp log. You could in theory use a tool to process the content to make it easier to determine who did what. There is a tool called splunk for analysing all ypes of log files, it is however not free and would require a fair amount of work to setup to your needs.

     

    See http://www.splunk.com/view/log-management/SP-CAAAC6F

     

    To summarise the problem, the afp log lists all activity against IP addresses, this does include a login, so to start with there will be an entry saying xyz logged in to the AFP server from nn.nn.nn.nn IP address. Subsequent entries for that user like opening or deleting files would only be listed against the IP address and would not show the user name. With even a modest sized network there will be thousands of entries in the log making it very hard to scroll back to find who last logged in on a particular IP address and therefore did the activity. In some more esoteric cases multiple different users could be logged in from the same IP address at the same time making even this impossible.

     

    Other makes of server offering AFP support might have logs that specifically list user names for each activity, therefore if you have the absolute need to be able to do this the only option might be to use a different AFP server e.g. NetAtalk, or ExtremeZ-IP, or even switching to SMB, obviously you should test this before paying out.