[Samba] Re: VFS Extended Auditing Module Debug Information

John H Terpstra jht at samba.org
Tue Sep 28 05:41:49 GMT 2004 

On Monday 27 September 2004 10:44, Marco De Vitis wrote:
> Il 23/09/2004, alle ore 8:22, John H Terpstra ha scritto:
> > Given recent discussion on this list I have just updated the master
> > Samba-Docs information regarding the Debug Class (Log Level) settings and
> > the audit
>
> Great, thanks!
>
> Anyway something is still not clear to me. I quote from the updated howto:
> > Logging can take place to the default log file (log.smbd) for all loaded
> > VFS modules just be setting in the smb.conf file log level = 0 vfs:x,
> > where x is the log level. This will disable general logging while
> > activating all logging of VFS module activity at the log level
> > specified.
>
> Apart from "be" -> "by" (I suppose), does this mean that a global log
> level of zero is NECESSARY for correct extd_audit logging? Or is it just a
> suggestion?

Fixed in the source tree now.

- John T.

>
> Also, this "vfs:x" parameter looks like a global VFS parameter. Does this
> mean that any other VFS module which outputs debug information (I don't
> know if others exist) will be affected by it?
>
> > 	log level = 0 vfs:[012]
> > 	syslog = 0
> > ie:
> > 	log level = 0 vfs:0
> > or	log level = 0 vfs:1
> > or	log level = 0 vfs:2
> >
> > In this example, syslog information will be only critical general samba
>
> I just tried these settings:
>
>         log file = /var/log/samba/%m.%U.log
>         syslog = 0
> 	log level = 0 vfs:2
> 	max log size = 0
>
> ...and restarted samba (3.0.7), but I still get lots of smbd_audit stuff
> in syslog, and ONLY in syslog (i.e. not in samba logfiles): open, close,
> opendir, rename, chmod...
>
> > Despite recent criticism regarding the difficulty of establishing
> > acceptable
>
> I'm not critic regarding audit, I'm critic regarding docs about it. ;)
>
> Let me explain: when using Samba 2.x I expressed on some mailing lists the
> desire for good auditing on file access, and I was told that the audit VFS
> module in Samba 3 was the answer to my problems. I now finally got to use
> Samba 3, but I felt lost regarding the way to obtain usable audit logs,
> and so a bit disappointed.
>
> As far as I can see, this is a fairly popular topic, so maybe it should be
> documented in more detail, covering all doubts users seem to express on
> the subject.
> Anyway your new additions to the howto are already a good step forward, I
> now have a clearer idea of what I should do.
>
> --
> Ciao,
>   Marco.
>
> ..."Kid A", Radiohead 2000

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.

More information about the samba mailing list