svn commit: samba-docs r1047 - in trunk/manpages-3: .
jpeach at samba.org
jpeach at samba.org
Wed Feb 28 22:46:31 GMT 2007
Author: jpeach
Date: 2007-02-28 22:46:31 +0000 (Wed, 28 Feb 2007)
New Revision: 1047
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1047
Log:
Document the full_audit VFS module.
Added:
trunk/manpages-3/smb-vfs-full_audit.8.xml
Changeset:
Added: trunk/manpages-3/smb-vfs-full_audit.8.xml
===================================================================
--- trunk/manpages-3/smb-vfs-full_audit.8.xml 2007-02-28 21:10:51 UTC (rev 1046)
+++ trunk/manpages-3/smb-vfs-full_audit.8.xml 2007-02-28 22:46:31 UTC (rev 1047)
@@ -0,0 +1,262 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="vfs_full_audit.8">
+
+<refmeta>
+ <refentrytitle>vfs_full_audit</refentrytitle>
+ <manvolnum>8</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+ <refname>vfs_full_audit</refname>
+ <refpurpose>record Samba VFS operations in the system log</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>vfs objects = full_audit</command>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This VFS module is part of the
+ <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+ <para>The <command>vfs_full_audit</command> VFS module records selected
+ client operations to the system log using
+ <citerefentry><refentrytitle>syslog</refentrytitle>
+ <manvolnum>3</manvolnum></citerefentry>.</para>
+
+ <para><command>vfs_full_audit</command> is able to record the
+ complete set of Samba VFS operations:</para>
+
+ <simplelist>
+ <member>connect</member>
+ <member>disconnect</member>
+ <member>disk_free</member>
+ <member>get_quota</member>
+ <member>set_quota</member>
+ <member>get_shadow_copy_data</member>
+ <member>statvfs</member>
+ <member>opendir</member>
+ <member>readdir</member>
+ <member>seekdir</member>
+ <member>telldir</member>
+ <member>rewinddir</member>
+ <member>mkdir</member>
+ <member>rmdir</member>
+ <member>closedir</member>
+ <member>open</member>
+ <member>close</member>
+ <member>read</member>
+ <member>pread</member>
+ <member>write</member>
+ <member>pwrite</member>
+ <member>lseek</member>
+ <member>sendfile</member>
+ <member>rename</member>
+ <member>fsync</member>
+ <member>stat</member>
+ <member>fstat</member>
+ <member>lstat</member>
+ <member>unlink</member>
+ <member>chmod</member>
+ <member>fchmod</member>
+ <member>chown</member>
+ <member>fchown</member>
+ <member>chdir</member>
+ <member>getwd</member>
+ <member>utime</member>
+ <member>ftruncate</member>
+ <member>lock</member>
+ <member>kernel_flock</member>
+ <member>linux_setlease</member>
+ <member>getlock</member>
+ <member>symlink</member>
+ <member>readlink</member>
+ <member>link</member>
+ <member>mknod</member>
+ <member>realpath</member>
+ <member>fget_nt_acl</member>
+ <member>get_nt_acl</member>
+ <member>fset_nt_acl</member>
+ <member>set_nt_acl</member>
+ <member>chmod_acl</member>
+ <member>fchmod_acl</member>
+ <member>sys_acl_get_entry</member>
+ <member>sys_acl_get_tag_type</member>
+ <member>sys_acl_get_permset</member>
+ <member>sys_acl_get_qualifier</member>
+ <member>sys_acl_get_file</member>
+ <member>sys_acl_get_fd</member>
+ <member>sys_acl_clear_perms</member>
+ <member>sys_acl_add_perm</member>
+ <member>sys_acl_to_text</member>
+ <member>sys_acl_init</member>
+ <member>sys_acl_create_entry</member>
+ <member>sys_acl_set_tag_type</member>
+ <member>sys_acl_set_qualifier</member>
+ <member>sys_acl_set_permset</member>
+ <member>sys_acl_valid</member>
+ <member>sys_acl_set_file</member>
+ <member>sys_acl_set_fd</member>
+ <member>sys_acl_delete_def_file</member>
+ <member>sys_acl_get_perm</member>
+ <member>sys_acl_free_text</member>
+ <member>sys_acl_free_acl</member>
+ <member>sys_acl_free_qualifier</member>
+ <member>getxattr</member>
+ <member>lgetxattr</member>
+ <member>fgetxattr</member>
+ <member>listxattr</member>
+ <member>llistxattr</member>
+ <member>flistxattr</member>
+ <member>removexattr</member>
+ <member>lremovexattr</member>
+ <member>fremovexattr</member>
+ <member>setxattr</member>
+ <member>lsetxattr</member>
+ <member>fsetxattr</member>
+ <member>aio_read</member>
+ <member>aio_write</member>
+ <member>aio_return</member>
+ <member>aio_cancel</member>
+ <member>aio_error</member>
+ <member>aio_fsync</member>
+ <member>aio_suspend</member>
+ </simplelist>
+
+ <para>In addition to these operations,
+ <command>vfs_full_audit</command> recognizes the special operation
+ names "all" and "none ", which refer to all
+ the VFS operations and none of the VFS operations respectively.
+ </para>
+
+ <para><command>vfs_full_audit</command> records operations in fixed
+ format consisting of fields separated by '|' characters. The
+ format is: </para>
+ <programlisting>
+ smbd_audit: PREFIX|OPERATION|RESULT|FILE
+ </programlisting>
+
+ <para>The record fields are:</para>
+
+ <itemizedlist>
+ <listitem><para><command>PREFIX</command> - the result of the full_audit:prefix string after variable substitutions</para></listitem>
+ <listitem><para><command>OPERATION</command> - the name of the VFS operation</para></listitem>
+ <listitem><para><command>RESULT</command> - whether the operation succeeded or failed</para></listitem>
+ <listitem><para><command>FILE</command> - the name of the file or directory the operation was performed on</para></listitem>
+
+ </itemizedlist>
+
+ <para>This module is stackable.</para>
+
+</refsect1>
+
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+
+ <varlistentry>
+ <term>vfs_full_audit:prefix = STRING</term>
+ <listitem>
+ <para>Prepend audit messages with STRING. STRING is
+ processed for standard substitution variables listed in
+ <citerefentry><refentrytitle>smb.conf</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry>. The default
+ prefix is "%u|%I". </para>
+
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>vfs_full_audit:success = LIST</term>
+ <listitem>
+ <para>LIST is a list of VFS operations that should be
+ recorded if they succeed. Operations are specified using
+ the names listed above.
+ </para>
+
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>vfs_full_audit:failure = LIST</term>
+ <listitem>
+ <para>LIST is a list of VFS operations that should be
+ recorded if they failed. Operations are specified using
+ the names listed above.
+ </para>
+
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>full_audit:facility = FACILITY</term>
+ <listitem>
+ <para>Log messages to the named
+ <citerefentry><refentrytitle>syslog</refentrytitle>
+ <manvolnum>3</manvolnum></citerefentry> facility.
+
+ </para>
+
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>full_audit:priority = PRIORITY</term>
+ <listitem>
+ <para>Log messages with the named
+ <citerefentry><refentrytitle>syslog</refentrytitle>
+ <manvolnum>3</manvolnum></citerefentry> priority.
+ </para>
+
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+
+ <para>Log file and directory open operations on the [records]
+ share using the LOCAL7 facility and ALERT priority, including
+ the username and IP address:</para>
+
+<programlisting>
+ <smbconfsection name="[records]"/>
+ <smbconfoption name="path">/data/records</smbconfoption>
+ <smbconfoption name="vfs objects">full_audit</smbconfoption>
+ <smbconfoption name="full_audit:prefix">%u|%I</smbconfoption>
+ <smbconfoption name="full_audit:success">open opendir</smbconfoption>
+ <smbconfoption name="full_audit:failure">all</smbconfoption>
+ <smbconfoption name="full_audit:facility">LOCAL7</smbconfoption>
+ <smbconfoption name="full_audit:priority">ALERT</smbconfoption>
+</programlisting>
+
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+ <para>This man page is correct for version 3.0.25 of the Samba suite.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+
+</refsect1>
+
+</refentry>
More information about the samba-cvs
mailing list