[Samba] samba file access rate limiting

Petr info at admin.jevklidu.cz
Tue Dec 6 12:44:09 UTC 2022


I have one share with sensitive data and there is many employees with 
access to that share. I need to ban users trying to copy files from 
share to other place but users normally editing files left without any 

I want to set proper logging and set fail2ban to ban user accessing too 
many files in some time limit.

I have not find solution how to set samba to log every file access. The 
current configuration snippet is below.

vfs objects = full_audit
full_audit:prefix = %u|%I
full_audit:success = create_file

Problem is that it logs directory access too and sometimes it generates 
many duplicite lines and it will be hard to define correct regex for 

Do you have any advice how to properly set file reading logging?

Thank you

More information about the samba mailing list