I'd like to log activity that my samba server is doing.
CentOS 6 Samba includes the vfs_full_audit module which will do what you want. Add to /etc/samba/smb.conf:
vfs objects = full_audit
full_audit:prefix = %u|%I|%m|%S
full_audit:success = mkdir rename unlink rmdir pwrite
full_audit:failure = none
Other options should be visible through the vfs_full_audit
Note: it may be tempting to add read
the success list; you can do that, but on any non-trivial share it will quickly overwhelm the syslog (you might be interested in v5 rate limiting
). Similarly adding all
to the success list will overwhelm the syslog. The example here is one where you are interested in changes made, and don't care about non-change related access.