~zulcss/samba/server-dailies-3.4


Viewing changes to docs-xml/manpages-3/vfs_full_audit.8.xml

  • Committer: Chuck Short
  • Date: 2010-09-28 20:38:39 UTC
  • Revision ID: zulcss@ubuntu.com-20100928203839-pgjulytsi9ue63x1
Initial version

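--- a/docs-xml/manpages-3/vfs_full_audit.8.xml
+++ b/docs-xml/manpages-3/vfs_full_audit.8.xml
@@ -0,0 +1,266 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="vfs_full_audit.8">
+
+<refmeta>
+        <refentrytitle>vfs_full_audit</refentrytitle>
+        <manvolnum>8</manvolnum>
+        <refmiscinfo class="source">Samba</refmiscinfo>
+        <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+        <refmiscinfo class="version">3.4</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+        <refname>vfs_full_audit</refname>
+        <refpurpose>record Samba VFS operations in the system log</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+        <cmdsynopsis>
+                <command>vfs objects = full_audit</command>
+        </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+        <title>DESCRIPTION</title>
+
+        <para>This VFS module is part of the
+        <citerefentry><refentrytitle>samba</refentrytitle>
+        <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+        <para>The <command>vfs_full_audit</command> VFS module records selected
+        client operations to the system log using
+        <citerefentry><refentrytitle>syslog</refentrytitle>
+        <manvolnum>3</manvolnum></citerefentry>.</para>
+
+        <para><command>vfs_full_audit</command> is able to record the
+        complete set of Samba VFS operations:</para>
+
+        <simplelist>
+        <member>aio_cancel</member>
+        <member>aio_error</member>
+        <member>aio_fsync</member>
+        <member>aio_read</member>
+        <member>aio_return</member>
+        <member>aio_suspend</member>
+        <member>aio_write</member>
+        <member>chdir</member>
+        <member>chflags</member>
+        <member>chmod</member>
+        <member>chmod_acl</member>
+        <member>chown</member>
+        <member>close</member>
+        <member>closedir</member>
+        <member>connect</member>
+        <member>disconnect</member>
+        <member>disk_free</member>
+        <member>fchmod</member>
+        <member>fchmod_acl</member>
+        <member>fchown</member>
+        <member>fget_nt_acl</member>
+        <member>fgetxattr</member>
+        <member>flistxattr</member>
+        <member>fremovexattr</member>
+        <member>fset_nt_acl</member>
+        <member>fsetxattr</member>
+        <member>fstat</member>
+        <member>fsync</member>
+        <member>ftruncate</member>
+        <member>get_nt_acl</member>
+        <member>get_quota</member>
+        <member>get_shadow_copy_data</member>
+        <member>getlock</member>
+        <member>getwd</member>
+        <member>getxattr</member>
+        <member>kernel_flock</member>
+        <member>lgetxattr</member>
+        <member>link</member>
+        <member>linux_setlease</member>
+        <member>listxattr</member>
+        <member>llistxattr</member>
+        <member>lock</member>
+        <member>lremovexattr</member>
+        <member>lseek</member>
+        <member>lsetxattr</member>
+        <member>lstat</member>
+        <member>mkdir</member>
+        <member>mknod</member>
+        <member>open</member>
+        <member>opendir</member>
+        <member>pread</member>
+        <member>pwrite</member>
+        <member>read</member>
+        <member>readdir</member>
+        <member>readlink</member>
+        <member>realpath</member>
+        <member>removexattr</member>
+        <member>rename</member>
+        <member>rewinddir</member>
+        <member>rmdir</member>
+        <member>seekdir</member>
+        <member>sendfile</member>
+        <member>set_nt_acl</member>
+        <member>set_quota</member>
+        <member>setxattr</member>
+        <member>stat</member>
+        <member>statvfs</member>
+        <member>symlink</member>
+        <member>sys_acl_add_perm</member>
+        <member>sys_acl_clear_perms</member>
+        <member>sys_acl_create_entry</member>
+        <member>sys_acl_delete_def_file</member>
+        <member>sys_acl_free_acl</member>
+        <member>sys_acl_free_qualifier</member>
+        <member>sys_acl_free_text</member>
+        <member>sys_acl_get_entry</member>
+        <member>sys_acl_get_fd</member>
+        <member>sys_acl_get_file</member>
+        <member>sys_acl_get_perm</member>
+        <member>sys_acl_get_permset</member>
+        <member>sys_acl_get_qualifier</member>
+        <member>sys_acl_get_tag_type</member>
+        <member>sys_acl_init</member>
+        <member>sys_acl_set_fd</member>
+        <member>sys_acl_set_file</member>
+        <member>sys_acl_set_permset</member>
+        <member>sys_acl_set_qualifier</member>
+        <member>sys_acl_set_tag_type</member>
+        <member>sys_acl_to_text</member>
+        <member>sys_acl_valid</member>
+        <member>telldir</member>
+        <member>unlink</member>
+        <member>utime</member>
+        <member>write</member>
+        </simplelist>
+
+        <para>In addition to these operations,
+        <command>vfs_full_audit</command> recognizes the special operation
+        names &quot;all&quot; and &quot;none &quot;, which refer to all
+        the VFS operations and none of the VFS operations respectively.
+        </para>
+
+        <para><command>vfs_full_audit</command> records operations in fixed
+        format consisting of fields separated by '|' characters. The
+        format is: </para>
+        <programlisting>
+                smbd_audit: PREFIX|OPERATION|RESULT|FILE
+        </programlisting>
+
+        <para>The record fields are:</para>
+
+        <itemizedlist>
+        <listitem><para><command>PREFIX</command> - the result of the full_audit:prefix string after variable substitutions</para></listitem>
+        <listitem><para><command>OPERATION</command> - the name of the VFS operation</para></listitem>
+        <listitem><para><command>RESULT</command> - whether the operation succeeded or failed</para></listitem>
+        <listitem><para><command>FILE</command> - the name of the file or directory the operation was performed on</para></listitem>
+
+        </itemizedlist>
+
+        <para>This module is stackable.</para>
+
+</refsect1>
+
+
+<refsect1>
+        <title>OPTIONS</title>
+
+        <variablelist>
+
+                <varlistentry>
+                <term>vfs_full_audit:prefix = STRING</term>
+                <listitem>
+                <para>Prepend audit messages with STRING. STRING is
+                processed for standard substitution variables listed in
+                <citerefentry><refentrytitle>smb.conf</refentrytitle>
+                <manvolnum>5</manvolnum></citerefentry>. The default
+                prefix is &quot;%u|%I&quot;. </para>
+
+                </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                <term>vfs_full_audit:success = LIST</term>
+                <listitem>
+                <para>LIST is a list of VFS operations that should be
+                recorded if they succeed. Operations are specified using
+                the names listed above.
+                </para>
+
+                </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                <term>vfs_full_audit:failure = LIST</term>
+                <listitem>
+                <para>LIST is a list of VFS operations that should be
+                recorded if they failed. Operations are specified using
+                the names listed above.
+                </para>
+
+                </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                <term>full_audit:facility = FACILITY</term>
+                <listitem>
+                <para>Log messages to the named
+                <citerefentry><refentrytitle>syslog</refentrytitle>
+                <manvolnum>3</manvolnum></citerefentry> facility.
+
+                </para>
+
+                </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                <term>full_audit:priority = PRIORITY</term>
+                <listitem>
+                <para>Log messages with the named
+                <citerefentry><refentrytitle>syslog</refentrytitle>
+                <manvolnum>3</manvolnum></citerefentry> priority.
+                </para>
+
+                </listitem>
+                </varlistentry>
+
+        </variablelist>
+</refsect1>
+
+<refsect1>
+        <title>EXAMPLES</title>
+
+        <para>Log file and directory open operations on the [records]
+        share using the LOCAL7 facility and ALERT priority, including
+        the username and IP address:</para>
+
+<programlisting>
+        <smbconfsection name="[records]"/>
+        <smbconfoption name="path">/data/records</smbconfoption>
+        <smbconfoption name="vfs objects">full_audit</smbconfoption>
+        <smbconfoption name="full_audit:prefix">%u|%I</smbconfoption>
+        <smbconfoption name="full_audit:success">open opendir</smbconfoption>
+        <smbconfoption name="full_audit:failure">all</smbconfoption>
+        <smbconfoption name="full_audit:facility">LOCAL7</smbconfoption>
+        <smbconfoption name="full_audit:priority">ALERT</smbconfoption>
+</programlisting>
+
+</refsect1>
+
+<refsect1>
+        <title>VERSION</title>
+        <para>This man page is correct for version 3.0.25 of the Samba suite.
+        </para>
+</refsect1>
+
+<refsect1>
+        <title>AUTHOR</title>
+
+        <para>The original Samba software and related utilities
+        were created by Andrew Tridgell. Samba is now developed
+        by the Samba Team as an Open Source project similar
+        to the way the Linux kernel is developed.</para>
+
+</refsect1>
+
+</refentry>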
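Review bot: The OPTIONS section spells three parameters with a `vfs_full_audit:` prefix (`vfs_full_audit:prefix`, `vfs_full_audit:success`, `vfs_full_audit:failure`), while the facility and priority entries, the PREFIX field description and the whole EXAMPLES block use `full_audit:`. An administrator who copies the `vfs_full_audit:` spelling into smb.conf would presumably be setting a parameter the module never reads, so the share would not be audited as intended and nothing would flag the mistake; the terms should read `<term>full_audit:prefix = STRING</term>`, and likewise for success and failure. The DESCRIPTION also quotes the special name as `&quot;none &quot;` with a stray space inside the quotes, and the VERSION paragraph says 3.0.25 although `refmiscinfo class="version"` declares 3.4. It would also help to state the default for success and failure, since that decides what a share logs when those options are left unset.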