[Samba] vfs_full_audit and facility 'auth'...

Timur I. Bakeyev timur at freebsd.org
Fri May 11 14:46:55 UTC 2018


On 11 May 2018 at 10:58, Rowland Penny via samba <samba at lists.samba.org>
wrote:

> On Fri, 11 May 2018 09:14:24 +0200
> Marco Gaiarin via samba <samba at lists.samba.org> wrote:
>
> > Hello! Rowland Penny via samba
> >   On that day it was said...
> >
> > > You would replace 'FACILITY' with one of the facilities shown in
> > > 'man syslog' e.g. full_audit:facility = LOG_AUTH
> >
> > OK, done. But samba (as stated in previous email) still replies:
> >
> >  [2018/05/08 17:34:42.388486, 0] ../source3/param/loadparm.c:1179(lp_enum)
> >  lp_enum(LOG_AUTH,enum): value is not in enum_list!
> >
> > so it seems that 'auth' and also 'LOG_AUTH' is not a valid keyword...
> >
> >
> > (debian jessie, systemd, samba 4.5 from louis repository)
> >
>
> OK, if you look in 'man vfs_full_audit' it says this:
>
>         full_audit:facility = FACILITY
>            Log messages to the named syslog(3) facility.
>
> If you then examine 'man syslog', 'LOG_AUTH' is a listed facility, but
> I can confirm that using it with vfs_full_audit doesn't work, 'LOCAL5'
> does.
>
> Does anybody know which of the facilities listed in 'man syslog'
> actually work? Or do I have to try each of them to find out?
>
>
Use the source, Luke! (c)

static int audit_syslog_facility(vfs_handle_struct *handle)
{
        static const struct enum_list enum_log_facilities[] = {
                { LOG_USER, "USER" },
                { LOG_LOCAL0, "LOCAL0" },
                { LOG_LOCAL1, "LOCAL1" },
                { LOG_LOCAL2, "LOCAL2" },
                { LOG_LOCAL3, "LOCAL3" },
                { LOG_LOCAL4, "LOCAL4" },
                { LOG_LOCAL5, "LOCAL5" },
                { LOG_LOCAL6, "LOCAL6" },
                { LOG_LOCAL7, "LOCAL7" },
                { -1, NULL}
        };

        int facility;

        facility = lp_parm_enum(SNUM(handle->conn), "full_audit",
                                "facility", enum_log_facilities, LOG_USER);

        return facility;
}

Clearly, the only possible facilities are LOCAL* and USER. That raises the
question why it's not mentioned in the man page and why is this limitation
in place?

With regards,
Timur Bakeyev.
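
Added example, not part of the original message and not Samba code: a small checker that scans smb.conf text for full_audit:facility values outside the enum_log_facilities table quoted above, so a misdirected audit log is caught before deployment. The sample configuration is constructed, and matching names without regard to case or whitespace is an assumption.

```python
import re

# Facility names in the enum_log_facilities table quoted in the message above.
ALLOWED = {"USER"} | {f"LOCAL{i}" for i in range(8)}

# Constructed sample smb.conf (share names are made up).
SAMPLE_CONF = """\
[global]
    full_audit:facility = LOG_AUTH

[projects]
    vfs objects = full_audit
    full_audit:facility = LOCAL5

[scans]
    vfs objects = full_audit
    full_audit:facility = LOG_LOCAL3

[archive]
    full_audit:facility = auth
"""

def check_full_audit_facility(conf_text):
    """Return (section, line_no, value, hint) for each value outside ALLOWED."""
    findings = []
    section = None
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment line
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        key, sep, value = line.partition("=")
        # Assumption: parameter names compare ignoring case and whitespace.
        if not sep or re.sub(r"\s+", "", key).lower() != "full_audit:facility":
            continue
        value = value.strip()
        name = value.upper()  # assumption: enum names match case-insensitively
        if name in ALLOWED:
            continue
        # Suggest the bare name when only a syslog(3)-style LOG_ prefix is wrong.
        bare = name[4:] if name.startswith("LOG_") else name
        findings.append((section, line_no, value, bare if bare in ALLOWED else None))
    return findings

if __name__ == "__main__":
    for finding in check_full_audit_facility(SAMPLE_CONF):
        print(finding)
```

A hint of None means no facility in the quoted table corresponds to the configured value, as with LOG_AUTH in the thread.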

