[PATCH] samba3 auditing server-side
Stefan (metze) Metzmacher
metze at samba.org
Wed Apr 12 07:33:44 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Guenther Deschner schrieb:
> Jeremy, Lars and me recently discussed how we could have exact tracking of
> auditable events in the samba3 code. As we now understand better how to
> remotely manage auditing policies, here is draft patch of how we could do
> the server-side of auditing.
> The patch just works for ldapsam (the auditing settings are replicated
> between DCs). That way, we could add the matching audit events with the
> correct event IDs (which are mostly well known and documented) using
> AUDIT_SUCCESS/AUDIT_FAILURE calls where appropriate in a very similar
> manner as windows does.
> It would be then rather easy to have a kind of "audit backend" parameter
> to send the audit events not only to the DEBUG macro but also to syslog or
> any other kind of auditing framework.
does this auditing also has to do with the SACL auditing or is this
Does Windows machines return NT_STATUS_AUDIT_FAILED to the client,
if the auditing fails? Maybe AUDIT_SUCCESS() and AUDIT_FAILURE() should
be just void functions...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical