[Samba] module vfs_full_audit events not logged
Anderson Sampaio Mello
anderson.sampaio.mello at gmail.com
Thu Dec 1 22:58:04 UTC 2022
Hello samba team, how are you?
I use version 4.15.4 of samba configured as a member server, and I have the
vfs_full_audit module configured.
My difficulty is making the module generate the following records:
1st - Recording in the file
2nd - Reading the file
3rd - File creation
The create_file event, generates the log informing the creation of the file
and its opening, but it also generates much more information (duplicates),
the write event, does not generate any log, pread does not generate log
regarding file reading and pwrite does not generate log write to file.
The linkat event also does not generate records regarding the creation of
files and directories. maybe it's used for a special file, like symlinks?
Am I reading incorrectly what each event does?
The documentation doesn't have a description of what each event does, so
I'm lost, can someone help me or give me a direction?
The vfs_full_audit module is configured as follows:
full_audit:success = open, create_file, pread, pwrite, renameat, mkdirat,
unlinkat, linkat
full_audit:failure = open, create_file, pread, pwrite, renameat, mkdirat,
unlinkat, linkat
full_audit:facility = local5
full_audit:priority = alert
full_audit:prefix = %I|%S|%u
Thanks
More information about the samba
mailing list