[Samba] VFS Extended Auditing Module Debug Information

2004-09-23 Thread John H Terpstra
Folks,

Given recent discussion on this list I have just updated the master Samba-Docs 
information regarding the Debug Class (Log Level) settings and the audit 
information each causes to be logged. This will appear in on-line versions of 
the Samba-HOWTO-Collection within 24 hours. To obtain an updated version 
point your browser at: 
http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf

The purpose of the extd_audit (Extended Audit) module is to permit logging of 
critical file and directory access to BOTH syslog as well as to individual 
log files. To create individual log files you can use:

log file = /var/log/samba/%U.%m.log
log level = 0 vfs:[012]
syslog = 0
i.e.:
log level = 0 vfs:0
or  log level = 0 vfs:1
or  log level = 0 vfs:2

In this example, syslog information will be only critical general samba 
information, plus full detail for all VFS modules up to the log level 
specified.

Please refer to the documentation in the VFS Modules chapter - the information 
logged has changed from what was previously documented.

This will create an individual per-user-per-client log of all level 0, 1, or 2
action. See also the updated chapter on Debugging Samba (Chapter 34.3.1).

Despite recent criticism regarding the difficulty of establishing acceptable 
auditing logs, this module is in use in a number of sites that require strict 
auditability of file and directory operations.

Enjoy.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO  Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] VFS Extended Auditing Module Debug Information

2004-09-23 Thread rruegner
Hi John,
I just tried your examples with SuSE 9.0 Samba 3.07.
In globals:
log file = /var/log/samba/%m.log
log level = vfs:2
syslog = 0
works, but I have only create and rename messages in the log.
A deletion is named unlinked (sounds like a miracle to me).
log file = /var/log/samba/%U.%m.log
creates test.testmachine.log
but only extd_audit is written to .testmachine.log
(%U.%m.log: this doesn't work)
I have it like this in the share:
[files3]
comment = public files
path = /files3
read only = No
guest ok = Yes
browseable = Yes
csc policy = disable
vfs objects = vscan-clamav, netatalk, extd_audit, recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:exclude = ?~$*,~$*,*.tmp,index*.pl,index*.htm*,*.temp,*.TMP
recycle:exclude_dir=  /tmp,/temp,/cache
recycle:repository = .recycle/.recycle.%u
recycle:noversions = *.doc,*.xls,*.ppt
Where's my mistake?
And do you know what this full_audit module is?
---
[2004/09/23 14:37:14, 1] modules/vfs_extd_audit.c:audit_fchmod_acl(322)
  vfs_extd_audit: fchmod_acl Neu Textdokument.txt mode 0x1e4 failed: 
Keine Daten verfügbarvfs_extd_audit: opendir ./
[2004/09/23 14:37:14, 1] modules/vfs_extd_audit.c:audit_opendir(141)

[2004/09/23 14:37:40, 1] modules/vfs_extd_audit.c:audit_rename(232)
  vfs_extd_audit: rename old: ./Neu Textdokument.txt new: ./testfile.txt
[2004/09/23 14:37:40, 1] modules/vfs_extd_audit.c:audit_opendir(141)
[2004/09/23 14:37:45, 0] modules/vfs_extd_audit.c:audit_unlink(250)
  vfs_extd_audit: unlink testfile.txt
[2004/09/23 14:37:45, 1] modules/vfs_extd_audit.c:audit_opendir(141)
-
log level = 0 vfs:2 produces nothing in the logs
Regards
John H Terpstra wrote:
Folks,
Given recent discussion on this list I have just updated the master Samba-Docs 
information regarding the Debug Class (Log Level) settings and the audit 
information each causes to be logged. This will appear in on-line versions of 
the Samba-HOWTO-Collection within 24 hours. To obtain an updated version 
point your browser at: 
	http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf

The purpose of the extd_audit (Extended Audit) module is to permit logging of 
critical file and directory access to BOTH syslog as well as to individual 
log files. To create individual log files you can use:

log file = /var/log/samba/%U.%m.log
log level = 0 vfs:[012]
syslog = 0
i.e.:
log level = 0 vfs:0
or  log level = 0 vfs:1
or  log level = 0 vfs:2
In this example, syslog information will be only critical general samba 
information, plus full detail for all VFS modules up to the log level 
specified.

Please refer to the documentation in the VFS Modules chapter - the information 
logged has changed from what was previously documented.

This will create an individual per-user-per-client log of all level 0, 1, or 2
action. See also the updated chapter on Debugging Samba (Chapter 34.3.1).
Despite recent criticism regarding the difficulty of establishing acceptable 
auditing logs, this module is in use in a number of sites that require strict 
auditability of file and directory operations.

Enjoy.
- John T.
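Added example (not part of either message, and not Samba project code): a small Python parser for per-client logs in the vfs_extd_audit format quoted in the reply above. It handles the case visible in that excerpt where a message without a trailing newline runs into the next one. The sample log, the file names in it and the DESTRUCTIVE set are constructed for illustration.

```python
import re
from collections import Counter

# Samba debug header: [date time, level] source_file:function(line)
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\] \S+:\w+\(\d+\)")
MARKER = "vfs_extd_audit: "
DESTRUCTIVE = {"unlink", "rename"}  # assumption: the two such ops seen in the thread

# Constructed sample modelled on the excerpt in the thread, including a
# message without a trailing newline that runs into the next one.
SAMPLE = """\
[2004/09/23 14:37:14, 1] modules/vfs_extd_audit.c:audit_fchmod_acl(322)
  vfs_extd_audit: fchmod_acl report.txt mode 0x1e4 failed:
No data availablevfs_extd_audit: opendir ./
[2004/09/23 14:37:14, 1] modules/vfs_extd_audit.c:audit_opendir(141)
[2004/09/23 14:37:40, 1] modules/vfs_extd_audit.c:audit_rename(232)
  vfs_extd_audit: rename old: ./report.txt new: ./final.txt
[2004/09/23 14:37:45, 0] modules/vfs_extd_audit.c:audit_unlink(250)
  vfs_extd_audit: unlink final.txt
"""

def parse_audit_log(text):
    """Return a list of dicts with keys: time, level, op, detail."""
    events, when, level = [], None, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            when, level = m.group(1), int(m.group(2))
            continue
        head, *bodies = line.split(MARKER)
        if head.strip() and events:
            # Text before the first marker continues the previous message.
            prev = events[-1]
            prev["detail"] = (prev["detail"] + " " + head.strip()).strip()
        for body in bodies:
            op, _, detail = body.strip().partition(" ")
            # Time and level come from the most recent header seen, which is
            # an approximation when smbd has run two messages together.
            events.append({"time": when, "level": level, "op": op, "detail": detail})
    return events

def destructive_events(events):
    """Events that remove or rename files."""
    return [e for e in events if e["op"] in DESTRUCTIVE]

if __name__ == "__main__":
    evs = parse_audit_log(SAMPLE)
    print(Counter(e["op"] for e in evs))
    for e in destructive_events(evs):
        print(e["time"], e["level"], e["op"], e["detail"])
```
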