Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

source: branches/samba-3.2.x/docs-xml/manpages-3/vfs_full_audit.8.xml

Visit:

Last change on this file was 203, checked in by Herwig Bauernfeind, 17 years ago
Missing 3.2.2 client and HOWTO files
File size: 8.4 KB

Line
1	<?xml version="1.0" encoding="iso-8859-1"?>
2	<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
3	<refentry id="vfs_full_audit.8">
4
5	<refmeta>
6	<refentrytitle>vfs_full_audit</refentrytitle>
7	<manvolnum>8</manvolnum>
8	<refmiscinfo class="source">Samba</refmiscinfo>
9	<refmiscinfo class="manual">System Administration tools</refmiscinfo>
10	<refmiscinfo class="version">3.2</refmiscinfo>
11	</refmeta>
12
13
14	<refnamediv>
15	<refname>vfs_full_audit</refname>
16	<refpurpose>record Samba VFS operations in the system log</refpurpose>
17	</refnamediv>
18
19	<refsynopsisdiv>
20	<cmdsynopsis>
21	<command>vfs objects = full_audit</command>
22	</cmdsynopsis>
23	</refsynopsisdiv>
24
25	<refsect1>
26	<title>DESCRIPTION</title>
27
28	<para>This VFS module is part of the
29	<citerefentry><refentrytitle>samba</refentrytitle>
30	<manvolnum>7</manvolnum></citerefentry> suite.</para>
31
32	<para>The <command>vfs_full_audit</command> VFS module records selected
33	client operations to the system log using
34	<citerefentry><refentrytitle>syslog</refentrytitle>
35	<manvolnum>3</manvolnum></citerefentry>.</para>
36
37	<para><command>vfs_full_audit</command> is able to record the
38	complete set of Samba VFS operations:</para>
39
40	<simplelist>
41	<member>aio_cancel</member>
42	<member>aio_error</member>
43	<member>aio_fsync</member>
44	<member>aio_read</member>
45	<member>aio_return</member>
46	<member>aio_suspend</member>
47	<member>aio_write</member>
48	<member>chdir</member>
49	<member>chflags</member>
50	<member>chmod</member>
51	<member>chmod_acl</member>
52	<member>chown</member>
53	<member>close</member>
54	<member>closedir</member>
55	<member>connect</member>
56	<member>disconnect</member>
57	<member>disk_free</member>
58	<member>fchmod</member>
59	<member>fchmod_acl</member>
60	<member>fchown</member>
61	<member>fget_nt_acl</member>
62	<member>fgetxattr</member>
63	<member>flistxattr</member>
64	<member>fremovexattr</member>
65	<member>fset_nt_acl</member>
66	<member>fsetxattr</member>
67	<member>fstat</member>
68	<member>fsync</member>
69	<member>ftruncate</member>
70	<member>get_nt_acl</member>
71	<member>get_quota</member>
72	<member>get_shadow_copy_data</member>
73	<member>getlock</member>
74	<member>getwd</member>
75	<member>getxattr</member>
76	<member>kernel_flock</member>
77	<member>lgetxattr</member>
78	<member>link</member>
79	<member>linux_setlease</member>
80	<member>listxattr</member>
81	<member>llistxattr</member>
82	<member>lock</member>
83	<member>lremovexattr</member>
84	<member>lseek</member>
85	<member>lsetxattr</member>
86	<member>lstat</member>
87	<member>mkdir</member>
88	<member>mknod</member>
89	<member>open</member>
90	<member>opendir</member>
91	<member>pread</member>
92	<member>pwrite</member>
93	<member>read</member>
94	<member>readdir</member>
95	<member>readlink</member>
96	<member>realpath</member>
97	<member>removexattr</member>
98	<member>rename</member>
99	<member>rewinddir</member>
100	<member>rmdir</member>
101	<member>seekdir</member>
102	<member>sendfile</member>
103	<member>set_nt_acl</member>
104	<member>set_quota</member>
105	<member>setxattr</member>
106	<member>stat</member>
107	<member>statvfs</member>
108	<member>symlink</member>
109	<member>sys_acl_add_perm</member>
110	<member>sys_acl_clear_perms</member>
111	<member>sys_acl_create_entry</member>
112	<member>sys_acl_delete_def_file</member>
113	<member>sys_acl_free_acl</member>
114	<member>sys_acl_free_qualifier</member>
115	<member>sys_acl_free_text</member>
116	<member>sys_acl_get_entry</member>
117	<member>sys_acl_get_fd</member>
118	<member>sys_acl_get_file</member>
119	<member>sys_acl_get_perm</member>
120	<member>sys_acl_get_permset</member>
121	<member>sys_acl_get_qualifier</member>
122	<member>sys_acl_get_tag_type</member>
123	<member>sys_acl_init</member>
124	<member>sys_acl_set_fd</member>
125	<member>sys_acl_set_file</member>
126	<member>sys_acl_set_permset</member>
127	<member>sys_acl_set_qualifier</member>
128	<member>sys_acl_set_tag_type</member>
129	<member>sys_acl_to_text</member>
130	<member>sys_acl_valid</member>
131	<member>telldir</member>
132	<member>unlink</member>
133	<member>utime</member>
134	<member>write</member>
135	</simplelist>
136
137	<para>In addition to these operations,
138	<command>vfs_full_audit</command> recognizes the special operation
139	names "all" and "none ", which refer to all
140	the VFS operations and none of the VFS operations respectively.
141	</para>
142
143	<para><command>vfs_full_audit</command> records operations in fixed
144	format consisting of fields separated by '\|' characters. The
145	format is: </para>
146	<programlisting>
147	smbd_audit: PREFIX\|OPERATION\|RESULT\|FILE
148	</programlisting>
149
150	<para>The record fields are:</para>
151
152	<itemizedlist>
153	<listitem><para><command>PREFIX</command> - the result of the full_audit:prefix string after variable substitutions</para></listitem>
154	<listitem><para><command>OPERATION</command> - the name of the VFS operation</para></listitem>
155	<listitem><para><command>RESULT</command> - whether the operation succeeded or failed</para></listitem>
156	<listitem><para><command>FILE</command> - the name of the file or directory the operation was performed on</para></listitem>
157
158	</itemizedlist>
159
160	<para>This module is stackable.</para>
161
162	</refsect1>
163
164
165	<refsect1>
166	<title>OPTIONS</title>
167
168	<variablelist>
169
170	<varlistentry>
171	<term>vfs_full_audit:prefix = STRING</term>
172	<listitem>
173	<para>Prepend audit messages with STRING. STRING is
174	processed for standard substitution variables listed in
175	<citerefentry><refentrytitle>smb.conf</refentrytitle>
176	<manvolnum>5</manvolnum></citerefentry>. The default
177	prefix is "%u\|%I". </para>
178
179	</listitem>
180	</varlistentry>
181
182	<varlistentry>
183	<term>vfs_full_audit:success = LIST</term>
184	<listitem>
185	<para>LIST is a list of VFS operations that should be
186	recorded if they succeed. Operations are specified using
187	the names listed above.
188	</para>
189
190	</listitem>
191	</varlistentry>
192
193	<varlistentry>
194	<term>vfs_full_audit:failure = LIST</term>
195	<listitem>
196	<para>LIST is a list of VFS operations that should be
197	recorded if they failed. Operations are specified using
198	the names listed above.
199	</para>
200
201	</listitem>
202	</varlistentry>
203
204	<varlistentry>
205	<term>full_audit:facility = FACILITY</term>
206	<listitem>
207	<para>Log messages to the named
208	<citerefentry><refentrytitle>syslog</refentrytitle>
209	<manvolnum>3</manvolnum></citerefentry> facility.
210
211	</para>
212
213	</listitem>
214	</varlistentry>
215
216	<varlistentry>
217	<term>full_audit:priority = PRIORITY</term>
218	<listitem>
219	<para>Log messages with the named
220	<citerefentry><refentrytitle>syslog</refentrytitle>
221	<manvolnum>3</manvolnum></citerefentry> priority.
222	</para>
223
224	</listitem>
225	</varlistentry>
226
227	</variablelist>
228	</refsect1>
229
230	<refsect1>
231	<title>EXAMPLES</title>
232
233	<para>Log file and directory open operations on the [records]
234	share using the LOCAL7 facility and ALERT priority, including
235	the username and IP address:</para>
236
237	<programlisting>
238	<smbconfsection name="[records]"/>
239	<smbconfoption name="path">/data/records</smbconfoption>
240	<smbconfoption name="vfs objects">full_audit</smbconfoption>
241	<smbconfoption name="full_audit:prefix">%u\|%I</smbconfoption>
242	<smbconfoption name="full_audit:success">open opendir</smbconfoption>
243	<smbconfoption name="full_audit:failure">all</smbconfoption>
244	<smbconfoption name="full_audit:facility">LOCAL7</smbconfoption>
245	<smbconfoption name="full_audit:priority">ALERT</smbconfoption>
246	</programlisting>
247
248	</refsect1>
249
250	<refsect1>
251	<title>VERSION</title>
252	<para>This man page is correct for version 3.0.25 of the Samba suite.
253	</para>
254	</refsect1>
255
256	<refsect1>
257	<title>AUTHOR</title>
258
259	<para>The original Samba software and related utilities
260	were created by Andrew Tridgell. Samba is now developed
261	by the Samba Team as an Open Source project similar
262	to the way the Linux kernel is developed.</para>
263
264	</refsect1>
265
266	</refentry>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: