[Samba] Re: VFS Extended Auditing Module Debug Information
John H Terpstra
jht at samba.org
Tue Sep 28 05:41:49 GMT 2004
On Monday 27 September 2004 10:44, Marco De Vitis wrote:
> Il 23/09/2004, alle ore 8:22, John H Terpstra ha scritto:
> > Given recent discussion on this list I have just updated the master
> > Samba-Docs information regarding the Debug Class (Log Level) settings and
> > the audit
> Great, thanks!
> Anyway something is still not clear to me. I quote from the updated howto:
> > Logging can take place to the default log file (log.smbd) for all loaded
> > VFS modules just be setting in the smb.conf file log level = 0 vfs:x,
> > where x is the log level. This will disable general logging while
> > activating all logging of VFS module activity at the log level
> > specified.
> Apart from "be" -> "by" (I suppose), does this mean that a global log
> level of zero is NECESSARY for correct extd_audit logging? Or is it just a
Fixed in the source tree now.
- John T.
> Also, this "vfs:x" parameter looks like a global VFS parameter. Does this
> mean that any other VFS module which outputs debug information (I don't
> know if others exist) will be affected by it?
> > log level = 0 vfs:
> > syslog = 0
> > ie:
> > log level = 0 vfs:0
> > or log level = 0 vfs:1
> > or log level = 0 vfs:2
> > In this example, syslog information will be only critical general samba
> I just tried these settings:
> log file = /var/log/samba/%m.%U.log
> syslog = 0
> log level = 0 vfs:2
> max log size = 0
> ...and restarted samba (3.0.7), but I still get lots of smbd_audit stuff
> in syslog, and ONLY in syslog (i.e. not in samba logfiles): open, close,
> opendir, rename, chmod...
> > Despite recent criticism regarding the difficulty of establishing
> > acceptable
> I'm not critic regarding audit, I'm critic regarding docs about it. ;)
> Let me explain: when using Samba 2.x I expressed on some mailing lists the
> desire for good auditing on file access, and I was told that the audit VFS
> module in Samba 3 was the answer to my problems. I now finally got to use
> Samba 3, but I felt lost regarding the way to obtain usable audit logs,
> and so a bit disappointed.
> As far as I can see, this is a fairly popular topic, so maybe it should be
> documented in more detail, covering all doubts users seem to express on
> the subject.
> Anyway your new additions to the howto are already a good step forward, I
> now have a clearer idea of what I should do.
> ..."Kid A", Radiohead 2000
John H Terpstra
Phone: +1 (650) 580-8668
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
More information about the samba