VFS AUDIT

Holger Hetterich hhetter at samba.org
Thu Nov 22 04:18:40 MST 2012


On 21.11.2012 11:47, L9WEB wrote:
> Good afternoon. I plan to develop a system similar to sarg (squid) for
> creation of friendly logs of the AUDIT VFS.

SMB Traffic Analyzer can do this for a number of VFS operations, but 
not the full scale of vfs_audit/vfs_full_audit.

It can produce things like:
-- userXYZ opened file "blahblah" on share $SHARE in domain $DOMAIN at 
$TIMESTAMP. --
-- userXYZ wrote 1005 bytes to file "blahblah" on $SHARE in domain 
$DOMAIN at $TIMESTAMP. --

It produces XML as output which can be converted to pretty much anything.

> I wonder about the operations, what expression I use to:
>
> - Open a file in MS-WORD or ADOBE PDF in a terminal-WINDOWS
Not sure what you want to reach for. In the VFS layer, however, you can 
determine the file name and you can see if something has been opened, 
closed, written to, or read from. With the rest of the data you can 
catch there, you can write a program that puts out text that is able to 
be easily read by humans.

Or, write a program that just interprets the output of audit/full_audit.

-- Holger
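
A sketch of the last suggestion above, a program that interprets full_audit output and prints readable sentences. This is an added example, not part of the original message and not Samba or SMB Traffic Analyzer code. It assumes smb.conf sets `full_audit:prefix = %u|%I|%S` and that smbd logs through syslog; the sample lines are constructed.

```python
import re

# Constructed sample lines. Assumption: full_audit:prefix = %u|%I|%S and
# syslog output; change PREFIX_FIELDS if the prefix is configured differently.
SAMPLE = """\
Nov 22 04:18:40 fs1 smbd_audit: alice|10.0.0.5|docs|open|ok|r|reports/q3.docx
Nov 22 04:18:42 fs1 smbd_audit: alice|10.0.0.5|docs|pwrite|ok|reports/q3.docx
Nov 22 04:19:01 fs1 smbd_audit: bob|10.0.0.9|docs|open|fail (Permission denied)|w|hr/pay|2012.pdf
Nov 22 04:19:05 fs1 smbd[812]: unrelated daemon message
"""

PREFIX_FIELDS = ("user", "client", "share")
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ smbd_audit(?:\[\d+\])?: (?P<body>.*)$")
VERBS = {"open": "opened", "close": "closed", "read": "read from",
         "pread": "read from", "write": "wrote to", "pwrite": "wrote to"}

def parse(line):
    """Return a dict for one full_audit record, or None for any other line."""
    m = LINE.match(line)
    if not m:
        return None
    n = len(PREFIX_FIELDS)
    # maxsplit keeps '|' characters that occur inside the file name itself.
    parts = m["body"].split("|", n + 2)
    if len(parts) < n + 3:
        return None
    rec = dict(zip(PREFIX_FIELDS, parts[:n]), ts=m["ts"], op=parts[n])
    rec["ok"] = parts[n + 1] == "ok"
    rec["error"] = None if rec["ok"] else parts[n + 1][5:].strip("()")
    args = parts[n + 2]
    if rec["op"] == "open":              # open logs an access mode first: r or w
        rec["mode"], _, args = args.partition("|")
    rec["path"] = args
    return rec

def describe(rec):
    """Render one record as a sentence; control characters in names are escaped."""
    path = rec["path"].encode("unicode_escape").decode("ascii")
    verb = VERBS.get(rec["op"], f"performed {rec['op']} on")
    if rec["op"] == "open" and rec.get("mode") == "w":
        verb = "opened for writing"
    text = f'{rec["user"]} ({rec["client"]}) {verb} "{path}" on share {rec["share"]} at {rec["ts"]}'
    return text if rec["ok"] else f'{text} - FAILED: {rec["error"]}'

def report(log_text):
    return [describe(r) for r in map(parse, log_text.split("\n")) if r]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

File names are client-controlled, so the example escapes them before printing and keeps failed operations in the report rather than dropping them.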

