[WIP] Log database changes.
Andrew Bartlett
abartlet at samba.org
Thu May 10 04:07:16 UTC 2018
On Mon, 2018-05-07 at 18:05 +0200, Stefan Metzmacher via samba-
technical wrote:
> Hi Gary,
>
> > Current state of this task.
> >
> > Comments appreciated.
>
> Most of the preparation like the session guid looks good.
>
> I'm wondering if we want to implement the auditing of the directory
> database similar to Windows using SACLs in the security descriptors
> instead of having custom modules for various types of events.
SACL support would still need the same infrastructure, it would just
provide a way to filter which events to audit, rather than the course-
grained filters we have here.
I see it as a version 2 kind of thing, we need to get this much in
first. So far the client requests have been for class-based logging
(the filtering happens on external log analysis tools).
I would also want to know clearly what the use case is for SACL
logging, because if it is only really valuable in conjunction with a
full Event Log and matching windows exactly, that would be much more
work.
As it stands, our ACLs are a pain to modify (outside the windows GUI),
so in the short time per-server smb.conf options, matching the audit
work done so far seem much more practical.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180510/5b62c44b/signature.sig>
More information about the samba-technical
mailing list