[Samba] VFS audit
Deryck Hodge
deryck at samba.org
Tue Feb 7 17:24:14 GMT 2006
On 2/2/06, Ryan Taylor <rtaylor82 at gmail.com> wrote:
> Not only is it harder to parse but it doesn't show
> open/close/edit/etc.. of files and seems completely different than
> 'audit'.
>
> I am just wondering if there is a way to get 'audit' results into the
> logfile other than syslog.
>
With any of the audit modules, you can direct the entries being sent
to syslog to an external file.
In smb.conf, something like the following
vfs objects = full_audit
full_audit:facility = LOCAL5
full_audit:priority = NOTICE
will allow you to do this in /etc/syslog.conf:
local5.notice /path/to/another/log
Restart or reload syslogd and away you go.
Cheers,
deryck
--
Deryck Hodge
http://www.devurandom.org/
http://www.samba.org/
"Aimless days, uncool ways of decathecting" --Mike Doughty (2005)
More information about the samba
mailing list