An event reporting framework for Samba
Stefan Metzmacher
metze at samba.org
Sun Jan 24 15:06:42 UTC 2016
Hi Richard,
> I am seeking feedback on an idea for an improvement in Samba.
>
> In modern storage environments people want analytics and Samba needs
> to be able to provide the information requested.
> .rts from those events.
>
> In general, they would like a stream of events that they will then
> store in a database and from which they can generate interesting
> reports.
>
> For example, they would like:
>
> 1. Info about every logon, including who, when, where.
> 2. Info about every logoff, same as above.
> 3. Info about every tree connect, when, what, who.
> 4. Info about every tree disconnect, when, what, who.
> 5. Info about every file create
> 6. Info about every file delete, rename, change of attributes, and so on.
>
> From these they can generate reports about who accesses what and how
> many files are created, etc.
>
> Now, some of this could be achieved today by adding event reporting
> calls within a VFS module, not all of it can without modifying Samba.
> Moreover, I have probably not thought of everything that people might
> want events for. It might be easier if we had an event reporting
> framework that users could plug into. The default behavior would be to
> do absolutely nothing, especially if the user has not provided the
> module.
>
> Does this sound like a useful thing to do?
Yes, I think we should try to base this on the SACLs of security descriptors
as much as possible. This would solve the problem for everything that
is protected by a security descriptor not just files.
I'm wondering why you added SMB_VFS_AUDIT_FILE() with
https://git.samba.org/?p=samba.git;a=commitdiff;h=0dc3f423d25d3a50fa39ecee8a8ca13cdfe32267
and never add any use to it. Should we remove that again as it's
completely unused?
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160124/728844d7/signature.sig>
More information about the samba-technical
mailing list