Skip navigation

HT5541: OS X Server: Enabling the AFP Server Activity log

Learn about OS X Server: Enabling the AFP Server Activity log

HT5541 AFP Access Log

387 Views 3 Replies Latest reply: Apr 5, 2013 1:15 AM by John Lockwood RSS
w_sinclair Calculating status...
Currently Being Moderated
Apr 3, 2013 6:56 PM

Is it possible to change or add more information into the log, e.g. 'username' or other variables?

OS X Server
  • John Lockwood Level 5 Level 5 (5,075 points)
    Currently Being Moderated
    Apr 4, 2013 8:05 AM (in response to w_sinclair)

    w_sinclair wrote:

     

    Is it possible to change or add more information into the log, e.g. 'username' or other variables?

    No.

     

    As a result, and as you may be coming to the sad realisation, the log is almost completely useless as it requires an inordinate effort to trace back entries to a matching login (and hence user name).

  • John Lockwood Level 5 Level 5 (5,075 points)
    Currently Being Moderated
    Apr 5, 2013 1:15 AM (in response to w_sinclair)

    w_sinclair wrote:

     

    Hi John,

     

    Do you know of any other products ot logging tools that can interogate the AFP process that provides more granular reporting or SysLog functions?

    The only log you can get is the afp log. You could in theory use a tool to process the content to make it easier to determine who did what. There is a tool called splunk for analysing all ypes of log files, it is however not free and would require a fair amount of work to setup to your needs.

     

    See http://www.splunk.com/view/log-management/SP-CAAAC6F

     

    To summarise the problem, the afp log lists all activity against IP addresses, this does include a login, so to start with there will be an entry saying xyz logged in to the AFP server from nn.nn.nn.nn IP address. Subsequent entries for that user like opening or deleting files would only be listed against the IP address and would not show the user name. With even a modest sized network there will be thousands of entries in the log making it very hard to scroll back to find who last logged in on a particular IP address and therefore did the activity. In some more esoteric cases multiple different users could be logged in from the same IP address at the same time making even this impossible.

     

    Other makes of server offering AFP support might have logs that specifically list user names for each activity, therefore if you have the absolute need to be able to do this the only option might be to use a different AFP server e.g. NetAtalk, or ExtremeZ-IP, or even switching to SMB, obviously you should test this before paying out.

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.