[Samba] VFS Extended Auditing Module Debug Information
rruegner
robert at ruegner.org
Thu Sep 23 12:40:15 GMT 2004
Hi John ,
i just tried your examples with suse 9.0 samba 3.07
in globals
log file = /var/log/samba/%m.log
log level = vfs:2
syslog = 0
works but i have only create and rename messages in the log
a deletion is named unlinked ( sound miracle to me )
log file = /var/log/samba/%U.%m.log
creates test.testmachine.log
but only extd_audit is written to .testmachine.log
(%U.%m.log this doesnt work )
i have it like this in the share
[files3]
comment = public files
path = /files3
read only = No
guest ok = Yes
browseable = Yes
csc policy = disable
vfs objects = vscan-clamav, netatalk, extd_audit, recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:exclude = ?~$*,~$*,*.tmp,index*.pl,index*.htm*,*.temp,*.TMP
recycle:exclude_dir= /tmp,/temp,/cache
recycle:repository = .recycle/.recycle.%u
recycle:noversions = *.doc,*.xls,*.ppt
wheres my mistake?
and do you no what this full_audit module is?
-----------
[2004/09/23 14:37:14, 1] modules/vfs_extd_audit.c:audit_fchmod_acl(322)
vfs_extd_audit: fchmod_acl Neu Textdokument.txt mode 0x1e4 failed:
Keine Daten verfügbarvfs_extd_audit: opendir ./
[2004/09/23 14:37:14, 1] modules/vfs_extd_audit.c:audit_opendir(141)
[2004/09/23 14:37:40, 1] modules/vfs_extd_audit.c:audit_rename(232)
vfs_extd_audit: rename old: ./Neu Textdokument.txt new: ./testfile.txt
[2004/09/23 14:37:40, 1] modules/vfs_extd_audit.c:audit_opendir(141)
[2004/09/23 14:37:45, 0] modules/vfs_extd_audit.c:audit_unlink(250)
vfs_extd_audit: unlink testfile.txt
[2004/09/23 14:37:45, 1] modules/vfs_extd_audit.c:audit_opendir(141)
-------------
log level = 0 vfs:2 produces nothing in the logs
Regards
John H Terpstra schrieb:
> Folks,
>
> Given recent discussion on this list I have just updated the master Samba-Docs
> information regarding the Debug Class (Log Level) settings and the audit
> information each causes to be logged. This will appear in on-line versions of
> the Samba-HOWTO-Collection within 24 hours. To obtain an updated version
> point your browser at:
> http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
>
> The purpose of the extd_audit (Extended Audit) module is to permit logging of
> critical file and directory access to BOTH syslog as well as to individual
> log files. To create individual log file you can use:
>
> log file = /var/log/samba/%U.%m.log
> log level = 0 vfs:[012]
> syslog = 0
> ie:
> log level = 0 vfs:0
> or log level = 0 vfs:1
> or log level = 0 vfs:2
>
> In this example, syslog information will be only critical general samba
> information, plus full detail for all VFS modules up to the log level
> specified.
>
> Please refer to the documentation in the VFS Modules chapter - the information
> logged has changed from what was previously documented.
>
> This will create an individual per-user-per-client log of all level 0, 1, or 2
> action. See also the updated chapter on Debugging Samba (Chapter 34.3.1).
>
> Despite recent criticism regarding the difficulty of establishing acceptable
> auditing logs, this module is in use in a number of sites that require strict
> auditability of file and directory operations.
>
> Enjoy.
>
> - John T.
More information about the samba
mailing list