[Samba] Samba audit
Andrea Cucciarre'
acucciarre at cloudian.com
Thu May 28 11:39:45 UTC 2020
Hello,
My goal is to audit allowed or denied access to files and directories in
the share.
I'm trying to use vfs_full_audit and vfs_audit, to audit all the access
(allowed or denied) to files and directory.
The smb.conf entry for my share are the following:
[test_link]
available = yes
browsable = yes
hf:volume = test_link
nfs4: acedup = merge
nfs4: mode = special
path = /test_link
read only = no
vfs objects = hf_vss hf_offline zfsacl audit
wide links = yes
dfree command = /ovmh/bin/dfree
audit:facility = LOCAL7
audit:priority = ALERT
I have also tried the vfs_full_audit, same config as the example in:
https://www.samba.org/samba/docs/current/man-html/vfs_full_audit.8.html
I have verified that my syslogd accept and log local7.alert event.
However, I don't get any audit log when windows client access the files
in the share.
Could you please advice how to configure such auditing in Samba, or how
to further investigate why my config is not working?
--
Regards
Andrea Cucciarre'
More information about the samba
mailing list