[Samba] full_audit logs way too much
Kees van Vloten
keesvanvloten at gmail.com
Wed Jun 15 19:45:54 UTC 2022
Op 15-06-2022 om 20:55 schreef Jeremy Allison via samba:
> On Wed, Jun 15, 2022 at 05:12:45PM +0100, Rowland Penny via samba wrote:
>> On Wed, 2022-06-15 at 17:26 +0200, Kees van Vloten via samba wrote:
>>> Hi Team,
>>> I have enabled full_audit logging on a (domain-member) file-server
>>> (running 4.15.7 from Louis on Bullseye)
>>> log level = 3
>>> full_audit:success = pwrite write rename
>> There have been changes, try replacing 'rename' with 'renameat'.
>> I think what is happening is that because 'rename is now an error, it
>> is defaulting to 'all'.
> We should probably just log a debug message
> about the unknown name and then ignore the
> unknown name instead of going full "ALL"
> on the audit.
> Rowland, can you log a bug on this so
> we can track getting a fix. This problem keeps
> coming up and is a pain point for users.
> Thanks !
That is indeed better, with the current behaviour the log filesystem
went to 100% in pretty short time.
If Rowland did not do it already I can create the bug as well.
More information about the samba