[Samba] How should audit logging work?

Jeremy Allison jra at samba.org
Tue Oct 12 17:43:43 UTC 2021

On Tue, Oct 12, 2021 at 06:38:36PM +0100, Nick Howitt via samba wrote:
>So far I see I may want some or all of:
>get_alloc_size #not sure
>realpath #not sure
>connectpath #not sure
>Also what I probably don't want is:
>But there are otherl like "stat" and so on.

You don't want stat or fstat. We use that in
a lot of places as a test for existence.

>Does anyone have any documentation on what all these operations are?

Mostly POSIX operations (i.e. man 2 openat).

>Also does anyone have any suggestions for a good set of operations to 

As for "who did what", you probably want modification
operations, not read operations (unless you need to
know who accessed a file also).

More information about the samba mailing list