[WIP] Log database changes.

Andrew Bartlett abartlet at samba.org
Thu May 10 04:07:16 UTC 2018


On Mon, 2018-05-07 at 18:05 +0200, Stefan Metzmacher via samba-technical wrote:
> Hi Gary,
> 
> > Current state of this task.
> > 
> > Comments appreciated.
> 
> Most of the preparation like the session guid looks good.
> 
> I'm wondering if we want to implement the auditing of the directory
> database similar to Windows using SACLs in the security descriptors
> instead of having custom modules for various types of events.

SACL support would still need the same infrastructure; it would just
provide a way to filter which events to audit, rather than the
coarse-grained filters we have here.

I see it as a version 2 kind of thing, we need to get this much in
first.  So far the client requests have been for class-based logging
(the filtering happens on external log analysis tools). 

I would also want to know clearly what the use case is for SACL
logging, because if it is only really valuable in conjunction with a
full Event Log and matching Windows exactly, that would be much more
work.

As it stands, our ACLs are a pain to modify (outside the Windows GUI),
so in the short term per-server smb.conf options, matching the audit
work done so far, seem much more practical.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba


