An event reporting framework for Samba

Stefan Metzmacher metze at
Sun Jan 24 15:06:42 UTC 2016

Hi Richard,

> I am seeking feedback on an idea for an improvement in Samba.
> In modern storage environments people want analytics and Samba needs
> to be able to provide the information requested.
> .rts from those events.
> In general, they would like a stream of events that they will then
> store in a database and from which they can generate interesting
> reports.
> For example, they would like:
> 1. Info about every logon, including who, when, where.
> 2. Info about every logoff, same as above.
> 3. Info about every tree connect, when, what, who.
> 4. Info about every tree disconnect, when, what, who.
> 5. Info about every file create
> 6. Info about every file delete, rename, change of attributes, and so on.
> From these they can generate reports about who accesses what and how
> many files are created, etc.
> Now, some of this could be achieved today by adding event reporting
> calls within a VFS module, not all of it can without modifying Samba.
> Moreover, I have probably not thought of everything that people might
> want events for. It might be easier if we had an event reporting
> framework that users could plug into. The default behavior would be to
> do absolutely nothing, especially if the user has not provided the
> module.
> Does this sound like a useful thing to do?

Yes, I think we should try to base this on the SACLs of security descriptors
as much as possible. This would solve the problem for everything that
is protected by a security descriptor not just files.

I'm wondering why you added SMB_VFS_AUDIT_FILE() with;a=commitdiff;h=0dc3f423d25d3a50fa39ecee8a8ca13cdfe32267
and never add any use to it. Should we remove that again as it's
completely unused?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the samba-technical mailing list