[Samba] Re: VFS Extended Auditing Module Debug Information

Marco De Vitis starless at spin.it
Mon Sep 27 16:44:56 GMT 2004


Il 23/09/2004, alle ore 8:22, John H Terpstra ha scritto:

> Given recent discussion on this list I have just updated the master Samba-Docs 
> information regarding the Debug Class (Log Level) settings and the audit 

Great, thanks!

Anyway something is still not clear to me. I quote from the updated howto:

> Logging can take place to the default log file (log.smbd) for all loaded
> VFS modules just be setting in the smb.conf file log level = 0 vfs:x,
> where x is the log level. This will disable general logging while
> activating all logging of VFS module activity at the log level
> specified.

Apart from "be" -> "by" (I suppose), does this mean that a global log
level of zero is NECESSARY for correct extd_audit logging? Or is it just a
suggestion?

Also, this "vfs:x" parameter looks like a global VFS parameter. Does this
mean that any other VFS module which outputs debug information (I don't
know if others exist) will be affected by it?

> 	log level = 0 vfs:[012]
> 	syslog = 0
> ie:
> 	log level = 0 vfs:0
> or	log level = 0 vfs:1
> or	log level = 0 vfs:2
> 
> In this example, syslog information will be only critical general samba 

I just tried these settings:

        log file = /var/log/samba/%m.%U.log
        syslog = 0
	log level = 0 vfs:2
	max log size = 0
	
...and restarted samba (3.0.7), but I still get lots of smbd_audit stuff
in syslog, and ONLY in syslog (i.e. not in samba logfiles): open, close,
opendir, rename, chmod...

> Despite recent criticism regarding the difficulty of establishing acceptable 

I'm not critic regarding audit, I'm critic regarding docs about it. ;)

Let me explain: when using Samba 2.x I expressed on some mailing lists the
desire for good auditing on file access, and I was told that the audit VFS
module in Samba 3 was the answer to my problems. I now finally got to use
Samba 3, but I felt lost regarding the way to obtain usable audit logs,
and so a bit disappointed.

As far as I can see, this is a fairly popular topic, so maybe it should be
documented in more detail, covering all doubts users seem to express on
the subject.
Anyway your new additions to the howto are already a good step forward, I
now have a clearer idea of what I should do.

-- 
Ciao,
  Marco.

..."Kid A", Radiohead 2000



More information about the samba mailing list