Changeset 134 for branches/samba-3.0/docs/manpages/vfs_full_audit.8
- Timestamp:
- May 23, 2008, 6:56:41 AM (18 years ago)
- File:
-
- 1 edited
-
branches/samba-3.0/docs/manpages/vfs_full_audit.8 (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.0/docs/manpages/vfs_full_audit.8
r44 r134 1 .\"Generated by db2man.xsl. Don't modify this, modify the source. 2 .de Sh \" Subsection 3 .br 4 .if t .Sp 5 .ne 5 6 .PP 7 \fB\\$1\fR 8 .PP 9 .. 10 .de Sp \" Vertical space (when we can't use .PP) 11 .if t .sp .5v 12 .if n .sp 13 .. 14 .de Ip \" List item 15 .br 16 .ie \\n(.$>=3 .ne \\$3 17 .el .ne 3 18 .IP "\\$1" \\$2 19 .. 20 .TH "VFS_FULL_AUDIT" 8 "" "" "" 1 .\" Title: vfs_full_audit 2 .\" Author: 3 .\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/> 4 .\" Date: 05/21/2008 5 .\" Manual: System Administration tools 6 .\" Source: Samba 3.0 7 .\" 8 .TH "VFS_FULL_AUDIT" "8" "05/21/2008" "Samba 3\.0" "System Administration tools" 9 .\" disable hyphenation 10 .nh 11 .\" disable justification (adjust text to left margin only) 12 .ad l 21 13 .SH "NAME" 22 14 vfs_full_audit - record Samba VFS operations in the system log … … 28 20 This VFS module is part of the 29 21 \fBsamba\fR(7) 30 suite .22 suite. 31 23 .PP 32 24 The 33 25 vfs_full_audit 34 26 VFS module records selected client operations to the system log using 35 \fBsyslog\fR(3) .27 \fBsyslog\fR(3). 36 28 .PP 37 29 vfs_full_audit 38 30 is able to record the complete set of Samba VFS operations: 39 .IP "" 3n31 .IP "" 40 32 aio_cancel 41 .IP "" 3n33 .IP "" 42 34 aio_error 43 .IP "" 3n35 .IP "" 44 36 aio_fsync 45 .IP "" 3n37 .IP "" 46 38 aio_read 47 .IP "" 3n39 .IP "" 48 40 aio_return 49 .IP "" 3n41 .IP "" 50 42 aio_suspend 51 .IP "" 3n43 .IP "" 52 44 aio_write 53 .IP "" 3n45 .IP "" 54 46 chdir 55 .IP "" 3n47 .IP "" 56 48 chflags 57 .IP "" 3n49 .IP "" 58 50 chmod 59 .IP "" 3n51 .IP "" 60 52 chmod_acl 61 .IP "" 3n53 .IP "" 62 54 chown 63 .IP "" 3n55 .IP "" 64 56 close 65 .IP "" 3n57 .IP "" 66 58 closedir 67 .IP "" 3n59 .IP "" 68 60 connect 69 .IP "" 3n61 .IP "" 70 62 disconnect 71 .IP "" 3n63 .IP "" 72 64 disk_free 73 .IP "" 3n65 .IP "" 74 66 fchmod 75 .IP "" 3n67 .IP "" 76 68 fchmod_acl 77 .IP "" 3n69 .IP "" 78 70 fchown 79 .IP "" 3n71 .IP "" 80 72 fget_nt_acl 81 .IP "" 3n73 .IP "" 82 74 fgetxattr 83 .IP "" 3n75 .IP "" 84 76 flistxattr 85 .IP "" 3n77 .IP "" 86 78 fremovexattr 87 .IP "" 3n79 .IP "" 88 80 fset_nt_acl 89 .IP "" 3n81 .IP "" 90 82 fsetxattr 91 .IP "" 3n83 .IP "" 92 84 fstat 93 .IP "" 3n85 .IP "" 94 86 fsync 95 .IP "" 3n87 .IP "" 96 88 ftruncate 97 .IP "" 3n89 .IP "" 98 90 get_nt_acl 99 .IP "" 3n91 .IP "" 100 92 get_quota 101 .IP "" 3n93 .IP "" 102 94 get_shadow_copy_data 103 .IP "" 3n95 .IP "" 104 96 getlock 105 .IP "" 3n97 .IP "" 106 98 getwd 107 .IP "" 3n99 .IP "" 108 100 getxattr 109 .IP "" 3n101 .IP "" 110 102 kernel_flock 111 .IP "" 3n103 .IP "" 112 104 lgetxattr 113 .IP "" 3n105 .IP "" 114 106 link 115 .IP "" 3n107 .IP "" 116 108 linux_setlease 117 .IP "" 3n109 .IP "" 118 110 listxattr 119 .IP "" 3n111 .IP "" 120 112 llistxattr 121 .IP "" 3n113 .IP "" 122 114 lock 123 .IP "" 3n115 .IP "" 124 116 lremovexattr 125 .IP "" 3n117 .IP "" 126 118 lseek 127 .IP "" 3n119 .IP "" 128 120 lsetxattr 129 .IP "" 3n121 .IP "" 130 122 lstat 131 .IP "" 3n123 .IP "" 132 124 mkdir 133 .IP "" 3n125 .IP "" 134 126 mknod 135 .IP "" 3n127 .IP "" 136 128 open 137 .IP "" 3n129 .IP "" 138 130 opendir 139 .IP "" 3n131 .IP "" 140 132 pread 141 .IP "" 3n133 .IP "" 142 134 pwrite 143 .IP "" 3n135 .IP "" 144 136 read 145 .IP "" 3n137 .IP "" 146 138 readdir 147 .IP "" 3n139 .IP "" 148 140 readlink 149 .IP "" 3n141 .IP "" 150 142 realpath 151 .IP "" 3n143 .IP "" 152 144 removexattr 153 .IP "" 3n145 .IP "" 154 146 rename 155 .IP "" 3n147 .IP "" 156 148 rewinddir 157 .IP "" 3n149 .IP "" 158 150 rmdir 159 .IP "" 3n151 .IP "" 160 152 seekdir 161 .IP "" 3n153 .IP "" 162 154 sendfile 163 .IP "" 3n155 .IP "" 164 156 set_nt_acl 165 .IP "" 3n157 .IP "" 166 158 set_quota 167 .IP "" 3n159 .IP "" 168 160 setxattr 169 .IP "" 3n161 .IP "" 170 162 stat 171 .IP "" 3n163 .IP "" 172 164 statvfs 173 .IP "" 3n165 .IP "" 174 166 symlink 175 .IP "" 3n167 .IP "" 176 168 sys_acl_add_perm 177 .IP "" 3n169 .IP "" 178 170 sys_acl_clear_perms 179 .IP "" 3n171 .IP "" 180 172 sys_acl_create_entry 181 .IP "" 3n173 .IP "" 182 174 sys_acl_delete_def_file 183 .IP "" 3n175 .IP "" 184 176 sys_acl_free_acl 185 .IP "" 3n177 .IP "" 186 178 sys_acl_free_qualifier 187 .IP "" 3n179 .IP "" 188 180 sys_acl_free_text 189 .IP "" 3n181 .IP "" 190 182 sys_acl_get_entry 191 .IP "" 3n183 .IP "" 192 184 sys_acl_get_fd 193 .IP "" 3n185 .IP "" 194 186 sys_acl_get_file 195 .IP "" 3n187 .IP "" 196 188 sys_acl_get_perm 197 .IP "" 3n189 .IP "" 198 190 sys_acl_get_permset 199 .IP "" 3n191 .IP "" 200 192 sys_acl_get_qualifier 201 .IP "" 3n193 .IP "" 202 194 sys_acl_get_tag_type 203 .IP "" 3n195 .IP "" 204 196 sys_acl_init 205 .IP "" 3n197 .IP "" 206 198 sys_acl_set_fd 207 .IP "" 3n199 .IP "" 208 200 sys_acl_set_file 209 .IP "" 3n201 .IP "" 210 202 sys_acl_set_permset 211 .IP "" 3n203 .IP "" 212 204 sys_acl_set_qualifier 213 .IP "" 3n205 .IP "" 214 206 sys_acl_set_tag_type 215 .IP "" 3n207 .IP "" 216 208 sys_acl_to_text 217 .IP "" 3n209 .IP "" 218 210 sys_acl_valid 219 .IP "" 3n211 .IP "" 220 212 telldir 221 .IP "" 3n213 .IP "" 222 214 unlink 223 .IP "" 3n215 .IP "" 224 216 utime 225 .IP "" 3n217 .IP "" 226 218 write 227 219 .PP 228 220 In addition to these operations, 229 221 vfs_full_audit 230 recognizes the special operation names "all" and "none ", which refer to all the VFS operations and none of the VFS operations respectively .222 recognizes the special operation names "all" and "none ", which refer to all the VFS operations and none of the VFS operations respectively. 231 223 .PP 232 224 vfs_full_audit 233 records operations in fixed format consisting of fields separated by '|' characters. The format is: 234 225 records operations in fixed format consisting of fields separated by \'|\' characters\. The format is: 226 .sp 227 .RS 4 235 228 .nf 236 237 229 smbd_audit: PREFIX|OPERATION|RESULT|FILE 238 230 239 231 .fi 232 240 233 .PP 241 234 The record fields are: 242 .TP 3n 243 \(bu 235 .sp 236 .RS 4 237 .ie n \{\ 238 \h'-04'\(bu\h'+03'\c 239 .\} 240 .el \{\ 241 .sp -1 242 .IP \(bu 2.3 243 .\} 244 244 PREFIX 245 - the result of the full_audit:prefix string after variable substitutions 246 .TP 3n 247 \(bu 245 \- the result of the full_audit:prefix string after variable substitutions 246 .RE 247 .sp 248 .RS 4 249 .ie n \{\ 250 \h'-04'\(bu\h'+03'\c 251 .\} 252 .el \{\ 253 .sp -1 254 .IP \(bu 2.3 255 .\} 248 256 OPERATION 249 - the name of the VFS operation 250 .TP 3n 251 \(bu 257 \- the name of the VFS operation 258 .RE 259 .sp 260 .RS 4 261 .ie n \{\ 262 \h'-04'\(bu\h'+03'\c 263 .\} 264 .el \{\ 265 .sp -1 266 .IP \(bu 2.3 267 .\} 252 268 RESULT 253 - whether the operation succeeded or failed 254 .TP 3n 255 \(bu 269 \- whether the operation succeeded or failed 270 .RE 271 .sp 272 .RS 4 273 .ie n \{\ 274 \h'-04'\(bu\h'+03'\c 275 .\} 276 .el \{\ 277 .sp -1 278 .IP \(bu 2.3 279 .\} 256 280 FILE 257 - the name of the file or directory the operation was performed on 258 .PP 259 This module is stackable. 281 \- the name of the file or directory the operation was performed on 282 .sp 283 .RE 284 .PP 285 This module is stackable\. 260 286 .SH "OPTIONS" 261 287 .PP 262 288 vfs_full_audit:prefix = STRING 263 .RS 3n264 Prepend audit messages with STRING . STRING is processed for standard substitution variables listed in265 \fBsmb.conf\fR(5) . The default prefix is "%u|%I".289 .RS 290 Prepend audit messages with STRING. STRING is processed for standard substitution variables listed in 291 \fBsmb.conf\fR(5). 266 292 .RE 267 293 .PP 268 294 vfs_full_audit:success = LIST 269 .RS 3n270 LIST is a list of VFS operations that should be recorded if they succeed . Operations are specified using the names listed above.295 .RS 296 LIST is a list of VFS operations that should be recorded if they succeed. 271 297 .RE 272 298 .PP 273 299 vfs_full_audit:failure = LIST 274 .RS 3n275 LIST is a list of VFS operations that should be recorded if they failed . Operations are specified using the names listed above.300 .RS 301 LIST is a list of VFS operations that should be recorded if they failed. 276 302 .RE 277 303 .PP 278 304 full_audit:facility = FACILITY 279 .RS 3n305 .RS 280 306 Log messages to the named 281 307 \fBsyslog\fR(3) 282 facility .308 facility. 283 309 .RE 284 310 .PP 285 311 full_audit:priority = PRIORITY 286 .RS 3n312 .RS 287 313 Log messages with the named 288 314 \fBsyslog\fR(3) 289 priority .315 priority. 290 316 .RE 291 317 .SH "EXAMPLES" 292 318 .PP 293 319 Log file and directory open operations on the [records] share using the LOCAL7 facility and ALERT priority, including the username and IP address: 294 320 .sp 321 .RS 4 295 322 .nf 296 297 323 \fI[records]\fR 298 path = /data/records 299 vfs objects = full_audit 300 full_audit:prefix = %u|%I 301 full_audit:success = open opendir 302 full_audit:failure = all 303 full_audit:facility = LOCAL7 304 full_audit:priority = ALERT 305 324 \fIpath = /data/records\fR 325 \fIvfs objects = full_audit\fR 326 \fIfull_audit:prefix = %u|%I\fR 327 \fIfull_audit:success = open opendir\fR 328 \fIfull_audit:failure = all\fR 329 \fIfull_audit:facility = LOCAL7\fR 330 \fIfull_audit:priority = ALERT\fR 306 331 .fi 332 307 333 .SH "VERSION" 308 334 .PP 309 This man page is correct for version 3 .0.25 of the Samba suite.335 This man page is correct for version 3. 310 336 .SH "AUTHOR" 311 337 .PP 312 The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. 313 338 The original Samba software and related utilities were created by Andrew Tridgell\. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\.
Note:
See TracChangeset
for help on using the changeset viewer.
