For When You Can't Have The Real Thing
[ start | index | login ]
start > CentOS > 6 > samba > Samba full_audit

Samba full_audit

Created by dave. Last edited by dave, 320 days ago. Viewed 499 times. #1
[edit] [rdf]
labels
attachments
(2016-11-07)

Problem

I'd like to log activity that my samba server is doing.

Solution

CentOS 6 Samba includes the vfs_full_audit module which will do what you want. Add to /etc/samba/smb.conf:

vfs objects = full_audit
full_audit:prefix = %u|%I|%m|%S
full_audit:success = mkdir rename unlink rmdir pwrite
full_audit:failure = none

...and restart.

(>>Source)

Other options should be visible through the vfs_full_audit man page.

Note: it may be tempting to add read the success list; you can do that, but on any non-trivial share it will quickly overwhelm the syslog (you might be interested in v5 rate limiting). Similarly adding all to the success list will overwhelm the syslog. The example here is one where you are interested in changes made, and don't care about non-change related access.

no comments | post comment

Virtual Dave Megaplex:

Internet Explorer 6 Users >>Click Here

(read this note about local search)

Logged in Users: (0)
… and 38 Guests.


Editing: snipsnap-help, Image Macro

(Et auditum est, et idcirco ego nunc simulare)

Installed 6 years and 255 days ago
Powered By >>SnipSnap Version 1.0b1-uttoxeter

This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful:


snipsnap.org | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt