[Samba] VFS Extended Auditing Module Debug Information

John H Terpstra jht at samba.org
Thu Sep 23 06:22:35 GMT 2004


Given recent discussion on this list I have just updated the master Samba-Docs 
information regarding the Debug Class (Log Level) settings and the audit 
information each causes to be logged. This will appear in on-line versions of 
the Samba-HOWTO-Collection within 24 hours. To obtain an updated version 
point your browser at: 

The purpose of the extd_audit (Extended Audit) module is to permit logging of 
critical file and directory access to BOTH syslog as well as to individual 
log files. To create individual log file you can use:

	log file = /var/log/samba/%U.%m.log
	log level = 0 vfs:[012]
	syslog = 0
	log level = 0 vfs:0
or	log level = 0 vfs:1
or	log level = 0 vfs:2

In this example, syslog information will be only critical general samba 
information, plus full detail for all VFS modules up to the log level 

Please refer to the documentation in the VFS Modules chapter - the information 
logged has changed from what was previously documented.

This will create an individual per-user-per-client log of all level 0, 1, or 2
action. See also the updated chapter on Debugging Samba (Chapter 34.3.1).

Despite recent criticism regarding the difficulty of establishing acceptable 
auditing logs, this module is in use in a number of sites that require strict 
auditability of file and directory operations.


- John T.
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.

More information about the samba mailing list