[PATCH] build: add option to choose to build with or without JSON audit support

Alexander Bokovoy ab at samba.org
Fri May 4 06:08:41 UTC 2018

On pe, 04 touko 2018, Volker Lendecke via samba-technical wrote:
> On Fri, May 04, 2018 at 08:23:30AM +1200, Andrew Bartlett via samba-technical wrote:
> > On Thu, 2018-05-03 at 21:47 +0200, Volker Lendecke wrote:
> > > On Thu, May 03, 2018 at 08:27:08PM +1200, Andrew Bartlett via samba-technical wrote:
> > > > On Thu, 2018-05-03 at 09:22 +0100, Rowland Penny via samba-technical
> > > > wrote:
> > > > > 
> > > > > I feel, 'Samba was not compiled with --without-json-audit' is clearer
> > > > 
> > > > Thanks Rowland.  I agree, but I have to make that true first.  A task
> > > > for Monday (I hope to slay LMDB tomorrow). 
> > > 
> > > I might be late in the game. I just tried to compile --without-ad-dc,
> > > but still get a link dependency against libjansson. What is that used
> > > for without having an Active Directory Domain Controller even
> > > compiled? Why is libjansson a strict dependency in that case? Are we
> > > using it for other things now also?
> > 
> > The audit logging was added for the file server and NT4 DC as well.  
> > 
> > The testing and coverage is comprehensive for the AD DC, but where the
> > same paths are used (and where it wasn't hard to add) the file server
> > and NT4 DC wasn't left out.  
> > 
> > My hope is that this can be quite helpful in monitoring large
> > installations. 
> Ok, but the only way to not link against this is to remove
> libjansson-dev from the build machine, right? This means a build
> machine per target environment. Easy with containers. Thanks for the
> info.
> I thought we had removed Javascript in favor of python years ago. I
> don't understand why are forced to pull it in again now. Do you plan
> to replace our python scripting by Javascript also in the future?
libjansson has nothing to do with javascript. It is a C library for JSON
format processing (RFC 4627), not a javascript compiler/interpreter. It
has no ability to evaluate javascript code at all.

JSON format is actively used by many systems that consume logs from
other applications. If data (log event) is encoded in JSON, it is easier
to import that into a centralized logging infrastructure. Without JSON
formatting you'd need to parse existing logs and transform them into
something similarly unified before the import. In Samba case it also
means you'd need to run with a higer debug level too and parsing
multiple lines to obtain the same information that is now available
through the audit messages formatted with the help of jansson library.

I think --with-json-audit patch would need to make to 4.8 too, this is a
matter of opening a bugzilla and combining commits
57d9969f5cd681cd02017c0b41fcbb12fe10fb08 and
cc1eed99bda3773dc13e927f1df1c4fd72e4b848 together.

/ Alexander Bokovoy

More information about the samba-technical mailing list