source: trunk/samba/docs/htmldocs/manpages/vfs_full_audit.8.html @ 17

Last change on this file since 17 was 1, checked in by Paul Smedley, 14 years ago

Initial code import

File size: 7.5 KB
Line 
1<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>vfs_full_audit</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.68.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="vfs_full_audit.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>vfs_full_audit &#8212; record Samba VFS operations in the system log</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">vfs objects = full_audit</code> </p></div></div><div class="refsect1" lang="en"><a name="id263118"></a><h2>DESCRIPTION</h2><p>This VFS module is part of the
2        <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p>The <span><strong class="command">vfs_full_audit</strong></span> VFS module records selected
3        client operations to the system log using
4        <a href="syslog.3.html"><span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span></a>.</p><p><span><strong class="command">vfs_full_audit</strong></span> is able to record the
5        complete set of Samba VFS operations:</p><table class="simplelist" border="0" summary="Simple list"><tr><td>connect</td></tr><tr><td>disconnect</td></tr><tr><td>disk_free</td></tr><tr><td>get_quota</td></tr><tr><td>set_quota</td></tr><tr><td>get_shadow_copy_data</td></tr><tr><td>statvfs</td></tr><tr><td>opendir</td></tr><tr><td>readdir</td></tr><tr><td>seekdir</td></tr><tr><td>telldir</td></tr><tr><td>rewinddir</td></tr><tr><td>mkdir</td></tr><tr><td>rmdir</td></tr><tr><td>closedir</td></tr><tr><td>open</td></tr><tr><td>close</td></tr><tr><td>read</td></tr><tr><td>pread</td></tr><tr><td>write</td></tr><tr><td>pwrite</td></tr><tr><td>lseek</td></tr><tr><td>sendfile</td></tr><tr><td>rename</td></tr><tr><td>fsync</td></tr><tr><td>stat</td></tr><tr><td>fstat</td></tr><tr><td>lstat</td></tr><tr><td>unlink</td></tr><tr><td>chmod</td></tr><tr><td>fchmod</td></tr><tr><td>chown</td></tr><tr><td>fchown</td></tr><tr><td>chdir</td></tr><tr><td>getwd</td></tr><tr><td>utime</td></tr><tr><td>ftruncate</td></tr><tr><td>lock</td></tr><tr><td>kernel_flock</td></tr><tr><td>linux_setlease</td></tr><tr><td>getlock</td></tr><tr><td>symlink</td></tr><tr><td>readlink</td></tr><tr><td>link</td></tr><tr><td>mknod</td></tr><tr><td>realpath</td></tr><tr><td>fget_nt_acl</td></tr><tr><td>get_nt_acl</td></tr><tr><td>fset_nt_acl</td></tr><tr><td>set_nt_acl</td></tr><tr><td>chmod_acl</td></tr><tr><td>fchmod_acl</td></tr><tr><td>sys_acl_get_entry</td></tr><tr><td>sys_acl_get_tag_type</td></tr><tr><td>sys_acl_get_permset</td></tr><tr><td>sys_acl_get_qualifier</td></tr><tr><td>sys_acl_get_file</td></tr><tr><td>sys_acl_get_fd</td></tr><tr><td>sys_acl_clear_perms</td></tr><tr><td>sys_acl_add_perm</td></tr><tr><td>sys_acl_to_text</td></tr><tr><td>sys_acl_init</td></tr><tr><td>sys_acl_create_entry</td></tr><tr><td>sys_acl_set_tag_type</td></tr><tr><td>sys_acl_set_qualifier</td></tr><tr><td>sys_acl_set_permset</td></tr><tr><td>sys_acl_valid</td></tr><tr><td>sys_acl_set_file</td></tr><tr><td>sys_acl_set_fd</td></tr><tr><td>sys_acl_delete_def_file</td></tr><tr><td>sys_acl_get_perm</td></tr><tr><td>sys_acl_free_text</td></tr><tr><td>sys_acl_free_acl</td></tr><tr><td>sys_acl_free_qualifier</td></tr><tr><td>getxattr</td></tr><tr><td>lgetxattr</td></tr><tr><td>fgetxattr</td></tr><tr><td>listxattr</td></tr><tr><td>llistxattr</td></tr><tr><td>flistxattr</td></tr><tr><td>removexattr</td></tr><tr><td>lremovexattr</td></tr><tr><td>fremovexattr</td></tr><tr><td>setxattr</td></tr><tr><td>lsetxattr</td></tr><tr><td>fsetxattr</td></tr><tr><td>aio_read</td></tr><tr><td>aio_write</td></tr><tr><td>aio_return</td></tr><tr><td>aio_cancel</td></tr><tr><td>aio_error</td></tr><tr><td>aio_fsync</td></tr><tr><td>aio_suspend</td></tr></table><p>In addition to these operations,
6        <span><strong class="command">vfs_full_audit</strong></span> recognizes the special operation
7        names "all" and "none ", which refer to all
8        the VFS operations and none of the VFS operations respectively.
9        </p><p><span><strong class="command">vfs_full_audit</strong></span> records operations in fixed
10        format consisting of fields separated by '|' characters. The
11        format is: </p><pre class="programlisting">
12                smbd_audit: PREFIX|OPERATION|RESULT|FILE
13        </pre><p>The record fields are:</p><div class="itemizedlist"><ul type="disc"><li><p><span><strong class="command">PREFIX</strong></span> - the result of the full_audit:prefix string after variable substitutions</p></li><li><p><span><strong class="command">OPERATION</strong></span> - the name of the VFS operation</p></li><li><p><span><strong class="command">RESULT</strong></span> - whether the operation succeeded or failed</p></li><li><p><span><strong class="command">FILE</strong></span> - the name of the file or directory the operation was performed on</p></li></ul></div><p>This module is stackable.</p></div><div class="refsect1" lang="en"><a name="id271774"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">vfs_full_audit:prefix = STRING</span></dt><dd><p>Prepend audit messages with STRING. STRING is
14                processed for standard substitution variables listed in
15                <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>. The default
16                prefix is "%u|%I". </p></dd><dt><span class="term">vfs_full_audit:success = LIST</span></dt><dd><p>LIST is a list of VFS operations that should be
17                recorded if they succeed. Operations are specified using
18                the names listed above.
19                </p></dd><dt><span class="term">vfs_full_audit:failure = LIST</span></dt><dd><p>LIST is a list of VFS operations that should be
20                recorded if they failed. Operations are specified using
21                the names listed above.
22                </p></dd><dt><span class="term">full_audit:facility = FACILITY</span></dt><dd><p>Log messages to the named
23                <a href="syslog.3.html"><span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span></a> facility.
24
25                </p></dd><dt><span class="term">full_audit:priority = PRIORITY</span></dt><dd><p>Log messages with the named
26                <a href="syslog.3.html"><span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span></a> priority.
27                </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id271879"></a><h2>EXAMPLES</h2><p>Log file and directory open operations on the [records]
28        share using the LOCAL7 facility and ALERT priority, including
29        the username and IP address:</p><pre class="programlisting">
30        <em class="parameter"><code>[records]</code></em>
31        <a class="indexterm" name="id271900"></a>path = /data/records
32        <a class="indexterm" name="id271907"></a>vfs objects = full_audit
33        <a class="indexterm" name="id271914"></a>full_audit:prefix = %u|%I
34        <a class="indexterm" name="id271921"></a>full_audit:success = open opendir
35        <a class="indexterm" name="id271928"></a>full_audit:failure = all
36        <a class="indexterm" name="id271935"></a>full_audit:facility = LOCAL7
37        <a class="indexterm" name="id271943"></a>full_audit:priority = ALERT
38</pre></div><div class="refsect1" lang="en"><a name="id271952"></a><h2>VERSION</h2><p>This man page is correct for version 3.0.25 of the Samba suite.
39        </p></div><div class="refsect1" lang="en"><a name="id271962"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
40        were created by Andrew Tridgell. Samba is now developed
41        by the Samba Team as an Open Source project similar
42        to the way the Linux kernel is developed.</p></div></div></body></html>
Note: See TracBrowser for help on using the repository browser.