[Samba] Samba audit

Andrea Cucciarre' acucciarre at cloudian.com
Thu May 28 11:39:45 UTC 2020


My goal is to audit allowed or denied access to files and directories in 
the share.
I'm trying to use vfs_full_audit and vfs_audit, to audit all the access 
(allowed or denied) to files and directory.
The smb.conf entry for my share are the following:

available = yes
browsable = yes
hf:volume = test_link
nfs4: acedup = merge
nfs4: mode = special
path = /test_link
read only = no
vfs objects = hf_vss hf_offline zfsacl audit
wide links = yes
dfree command = /ovmh/bin/dfree
audit:facility = LOCAL7
audit:priority = ALERT

I have also tried the vfs_full_audit, same config as the example in:


I have verified that my syslogd accept and log local7.alert event.
However, I don't get any audit log when windows client access the files 
in the share.
Could you please advice how to configure such auditing in Samba, or how 
to further investigate why my config is not working?


Andrea Cucciarre'

More information about the samba mailing list