[Samba] How should audit logging work?
jra at samba.org
Tue Oct 12 17:43:43 UTC 2021
On Tue, Oct 12, 2021 at 06:38:36PM +0100, Nick Howitt via samba wrote:
>So far I see I may want some or all of:
>get_alloc_size #not sure
>realpath #not sure
>connectpath #not sure
>Also what I probably don't want is:
>But there are otherl like "stat" and so on.
You don't want stat or fstat. We use that in
a lot of places as a test for existence.
>Does anyone have any documentation on what all these operations are?
Mostly POSIX operations (i.e. man 2 openat).
>Also does anyone have any suggestions for a good set of operations to
As for "who did what", you probably want modification
operations, not read operations (unless you need to
know who accessed a file also).
More information about the samba