[Samba] VFS Extended Auditing Module Debug Information
John H Terpstra
jht at samba.org
Thu Sep 23 06:22:35 GMT 2004
Given recent discussion on this list I have just updated the master Samba-Docs
information regarding the Debug Class (Log Level) settings and the audit
information each causes to be logged. This will appear in on-line versions of
the Samba-HOWTO-Collection within 24 hours. To obtain an updated version
point your browser at:
The purpose of the extd_audit (Extended Audit) module is to permit logging of
critical file and directory access to BOTH syslog as well as to individual
log files. To create individual log file you can use:
log file = /var/log/samba/%U.%m.log
log level = 0 vfs:
syslog = 0
log level = 0 vfs:0
or log level = 0 vfs:1
or log level = 0 vfs:2
In this example, syslog information will be only critical general samba
information, plus full detail for all VFS modules up to the log level
Please refer to the documentation in the VFS Modules chapter - the information
logged has changed from what was previously documented.
This will create an individual per-user-per-client log of all level 0, 1, or 2
action. See also the updated chapter on Debugging Samba (Chapter 34.3.1).
Despite recent criticism regarding the difficulty of establishing acceptable
auditing logs, this module is in use in a number of sites that require strict
auditability of file and directory operations.
- John T.
John H Terpstra
Phone: +1 (650) 580-8668
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
More information about the samba