manpagez: man pages & more
man vfs_full_audit(8)
Home | html | info | man
vfs_full_audit(8)                                            vfs_full_audit(8)




NAME

       vfs_full_audit - record Samba VFS operations in the system log


SYNOPSIS

       vfs objects = full_audit


DESCRIPTION

       This VFS module is part of the samba(7) suite.

       The vfs_full_audit VFS module records selected client operations to the
       system log using syslog(3).

       vfs_full_audit is able to record the complete set of Samba  VFS  opera-
       tions:

          aio_cancel

          aio_error

          aio_fsync

          aio_read

          aio_return

          aio_suspend

          aio_write

          chdir

          chflags

          chmod

          chmod_acl

          chown

          close

          closedir

          connect

          disconnect

          disk_free

          fchmod

          fchmod_acl

          fchown

          fget_nt_acl

          fgetxattr

          flistxattr

          fremovexattr

          fset_nt_acl

          fsetxattr

          fstat

          fsync

          ftruncate

          get_nt_acl

          get_quota

          get_shadow_copy_data

          getlock

          getwd

          getxattr

          kernel_flock

          lgetxattr

          link

          linux_setlease

          listxattr

          llistxattr

          lock

          lremovexattr

          lseek

          lsetxattr

          lstat

          mkdir

          mknod

          open

          opendir

          pread

          pwrite

          read

          readdir

          readlink

          realpath

          removexattr

          rename

          rewinddir

          rmdir

          seekdir

          sendfile

          set_nt_acl

          set_quota

          setxattr

          stat

          statvfs

          symlink

          sys_acl_add_perm

          sys_acl_clear_perms

          sys_acl_create_entry

          sys_acl_delete_def_file

          sys_acl_free_acl

          sys_acl_free_qualifier

          sys_acl_free_text

          sys_acl_get_entry

          sys_acl_get_fd

          sys_acl_get_file

          sys_acl_get_perm

          sys_acl_get_permset

          sys_acl_get_qualifier

          sys_acl_get_tag_type

          sys_acl_init

          sys_acl_set_fd

          sys_acl_set_file

          sys_acl_set_permset

          sys_acl_set_qualifier

          sys_acl_set_tag_type

          sys_acl_to_text

          sys_acl_valid

          telldir

          unlink

          utime

          write

       In  addition to these operations, vfs_full_audit recognizes the special
       operation names "all" and "none ", which refer to all  the  VFS  opera-
       tions and none of the VFS operations respectively.

       vfs_full_audit  records operations in fixed format consisting of fields
       separated by '|' characters. The format is:


                 smbd_audit: PREFIX|OPERATION|RESULT|FILE


       The record fields are:

       o  PREFIX - the result of the full_audit:prefix string  after  variable
          substitutions

       o  OPERATION - the name of the VFS operation

       o  RESULT - whether the operation succeeded or failed

       o  FILE - the name of the file or directory the operation was performed
          on

       This module is stackable.


OPTIONS

       vfs_full_audit:prefix = STRING
          Prepend audit messages with STRING. STRING is processed for standard
          substitution  variables listed in smb.conf(5). The default prefix is
          "%u|%I".

       vfs_full_audit:success = LIST
          LIST is a list of VFS operations that should  be  recorded  if  they
          succeed. Operations are specified using the names listed above.

       vfs_full_audit:failure = LIST
          LIST  is  a  list  of VFS operations that should be recorded if they
          failed. Operations are specified using the names listed above.

       full_audit:facility = FACILITY
          Log messages to the named syslog(3) facility.

       full_audit:priority = PRIORITY
          Log messages with the named syslog(3) priority.


EXAMPLES

       Log file and directory open operations on the [records] share using the
       LOCAL7  facility  and  ALERT  priority,  including  the username and IP
       address:


               [records]
            path = /data/records
            vfs objects = full_audit
            full_audit:prefix = %u|%I
            full_audit:success = open opendir
            full_audit:failure = all
            full_audit:facility = LOCAL7
            full_audit:priority = ALERT



VERSION

       This man page is correct for version 3.0.25 of the Samba suite.


AUTHOR

       The original Samba software  and  related  utilities  were  created  by
       Andrew  Tridgell.  Samba  is now developed by the Samba Team as an Open
       Source project similar to the way the Linux kernel is developed.




                                                             vfs_full_audit(8)

Mac OS X 10.6 - Generated Thu Sep 17 20:26:30 CDT 2009
© manpagez.com 2000-2024
Individual documents may contain additional copyright information.