[Samba] vfs_full_audit and facility 'auth'...

Rowland Penny rpenny at samba.org
Fri May 11 15:00:33 UTC 2018


On Fri, 11 May 2018 16:46:55 +0200
"Timur I. Bakeyev" <timur at freebsd.org> wrote:

> On 11 May 2018 at 10:58, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> 
> > On Fri, 11 May 2018 09:14:24 +0200
> > Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> >
> > > Hello! Rowland Penny via samba
> > >   On that day it was said...
> > >
> > > > You would replace 'FACILITY' with one of the facilities shown in
> > > > 'man syslog' e.g. full_audit:facility = LOG_AUTH
> > >
> > > OK, done. But samba (as stated in the previous email) still replies:
> > >
> > >  [2018/05/08 17:34:42.388486, 0] ../source3/param/loadparm.c:1179(lp_enum)
> > >  lp_enum(LOG_AUTH,enum): value is not in enum_list!
> > >
> > > so it seems that 'auth' and also 'LOG_AUTH' are not valid keywords...
> > >
> > >
> > > (debian jessie, systemd, samba 4.5 from louis repository)
> > >
> >
> > OK, if you look in 'man vfs_full_audit' it says this:
> >
> >         full_audit:facility = FACILITY
> >            Log messages to the named syslog(3) facility.
> >
> > If you then examine 'man syslog', 'LOG_AUTH' is a listed facility,
> > but I can confirm that using it with vfs_full_audit doesn't work,
> > 'LOCAL5' does.
> >
> > Does anybody know which of the facilities listed in 'man syslog'
> > actually work? Or do I have to try each of them to find out?
> >
> >
> Use the source, Luke! (c)

Well yes, it is all very well and good saying that, but it depends on
two things, knowing where to look and then understanding C. I didn't
know where to look and to me 'C' comes between B & D ;-)

> 
> static int audit_syslog_facility(vfs_handle_struct *handle)
> {
>         static const struct enum_list enum_log_facilities[] = {
>                 { LOG_USER, "USER" },
>                 { LOG_LOCAL0, "LOCAL0" },
>                 { LOG_LOCAL1, "LOCAL1" },
>                 { LOG_LOCAL2, "LOCAL2" },
>                 { LOG_LOCAL3, "LOCAL3" },
>                 { LOG_LOCAL4, "LOCAL4" },
>                 { LOG_LOCAL5, "LOCAL5" },
>                 { LOG_LOCAL6, "LOCAL6" },
>                 { LOG_LOCAL7, "LOCAL7" },
>                 { -1, NULL}
>         };
> 
>         int facility;
> 
>         facility = lp_parm_enum(SNUM(handle->conn), "full_audit",
>                                 "facility", enum_log_facilities, LOG_USER);
> 
>         return facility;
> }
> 
> Clearly, the only possible facilities are LOCAL* and USER. That
> raises the question why it's not mentioned in the man page and why is
> this limitation in place?

Good questions, and I don't know the answers to them. The other question
is: why does the man page say you can use any syslog facility when
obviously you cannot?

Rowland
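
An added example, not part of the thread and not Samba's own code: a small C check that flags `full_audit:facility` values outside the table quoted above (USER and LOCAL0 to LOCAL7), so a rejected facility is caught before the audit log goes missing. The function names, the case-insensitive match, the one-parameter-per-line parsing and the sample smb.conf text are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <syslog.h>

/* Names accepted by audit_syslog_facility() as quoted in the thread. */
static const struct { int value; const char *name; } facilities[] = {
    { LOG_USER, "USER" },     { LOG_LOCAL0, "LOCAL0" }, { LOG_LOCAL1, "LOCAL1" },
    { LOG_LOCAL2, "LOCAL2" }, { LOG_LOCAL3, "LOCAL3" }, { LOG_LOCAL4, "LOCAL4" },
    { LOG_LOCAL5, "LOCAL5" }, { LOG_LOCAL6, "LOCAL6" }, { LOG_LOCAL7, "LOCAL7" },
    { -1, NULL }
};

/* Facility for an accepted name, or -1 (case-insensitive match is an assumption). */
int facility_from_name(const char *s)
{
    for (int i = 0; facilities[i].name != NULL; i++)
        if (strcasecmp(facilities[i].name, s) == 0)
            return facilities[i].value;
    return -1;
}

/* Scan smb.conf text; report and count full_audit:facility values not in the table. */
int lint_full_audit_facility(const char *conf)
{
    int bad = 0, lineno = 0;
    char line[256], value[64];
    for (const char *p = conf; *p != '\0'; ) {
        size_t n = strcspn(p, "\n");               /* length of the current line */
        snprintf(line, sizeof line, "%.*s", (int)n, p);
        p += n + (p[n] == '\n');
        lineno++;
        /* Lines starting with '#' or ';' never match the key, so comments are skipped. */
        if (sscanf(line, " full_audit:facility = %63s", value) == 1 &&
            facility_from_name(value) < 0) {
            printf("line %d: full_audit:facility = %s is not accepted\n", lineno, value);
            bad++;
        }
    }
    return bad;
}

/* Constructed sample configuration, not taken from the thread. */
static const char sample_conf[] =
    "[share1]\n  vfs objects = full_audit\n  full_audit:facility = LOG_AUTH\n"
    "[share2]\n  vfs objects = full_audit\n  full_audit:facility = LOCAL5\n"
    "[share3]\n  vfs objects = full_audit\n  full_audit:facility = auth\n";

int main(void) { return lint_full_audit_facility(sample_conf) == 2 ? 0 : 1; }
```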




