VFS_FULL_AUDIT(8) System Administration tools VFS_FULL_AUDIT(8)NAME
vfs_full_audit - record Samba VFS operations in the system log
SYNOPSIS
vfs objects = full_audit
DESCRIPTION
This VFS module is part of the samba(7) suite.
The vfs_full_audit VFS module records selected client operations to the system log using syslog(3).
vfs_full_audit is able to record the complete set of Samba VFS operations:
chdir
chflags
chmod
chmod_acl
chown
close
closedir
connect
copy_chunk_send
copy_chunk_recv
disconnect
disk_free
fchmod
fchmod_acl
fchown
fget_nt_acl
fgetxattr
flistxattr
fremovexattr
fset_nt_acl
fsetxattr
fstat
fsync
ftruncate
get_nt_acl
get_quota
get_shadow_copy_data
getlock
getwd
getxattr
kernel_flock
link
linux_setlease
listxattr
lock
lseek
lstat
mkdir
mknod
open
opendir
pread
pwrite
read
readdir
readlink
realpath
removexattr
rename
rewinddir
rmdir
seekdir
sendfile
set_nt_acl
set_quota
setxattr
stat
statvfs
symlink
sys_acl_delete_def_file
sys_acl_get_fd
sys_acl_get_file
sys_acl_set_fd
sys_acl_set_file
telldir
unlink
utime
write
In addition to these operations, vfs_full_audit recognizes the special operation names "all" and "none ", which refer to all the VFS
operations and none of the VFS operations respectively.
vfs_full_audit records operations in fixed format consisting of fields separated by '|' characters. The format is:
smbd_audit: PREFIX|OPERATION|RESULT|FILE
The record fields are:
o PREFIX - the result of the full_audit:prefix string after variable substitutions
o OPERATION - the name of the VFS operation
o RESULT - whether the operation succeeded or failed
o FILE - the name of the file or directory the operation was performed on
This module is stackable.
OPTIONS
vfs_full_audit:prefix = STRING
Prepend audit messages with STRING. STRING is processed for standard substitution variables listed in smb.conf(5). The default prefix
is "%u|%I".
full_audit:success = LIST
LIST is a list of VFS operations that should be recorded if they succeed. Operations are specified using the names listed above.
Operations can be unset by prefixing the names with "!". The default is all operations.
full_audit:failure = LIST
LIST is a list of VFS operations that should be recorded if they failed. Operations are specified using the names listed above.
Operations can be unset by prefixing the names with "!". The default is all operations.
full_audit:facility = FACILITY
Log messages to the named syslog(3) facility.
full_audit:priority = PRIORITY
Log messages with the named syslog(3) priority.
EXAMPLES
Log file and directory open operations on the [records] share using the LOCAL7 facility and ALERT priority, including the username and IP
address. Logging excludes the open VFS function on failures:
[records]
path = /data/records
vfs objects = full_audit
full_audit:prefix = %u|%I
full_audit:success = open opendir
full_audit:failure = all !open
full_audit:facility = LOCAL7
full_audit:priority = ALERT
VERSION
This man page is correct for version 3.0.25 of the Samba suite.
AUTHOR
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project similar to the way the Linux kernel is developed.
Samba 4.0 06/17/2014 VFS_FULL_AUDIT(8)
Check Out this Related Man Page
VFSTEST(1) User Commands VFSTEST(1)NAME
vfstest - tool for testing samba VFS modules
SYNOPSIS
vfstest [-d debuglevel] [-c command] [-l logdir] [-h]
DESCRIPTION
This tool is part of the samba(7) suite.
vfstest is a small command line utility that has the ability to test dso samba VFS modules. It gives the user the ability to call the
various VFS functions manually and supports cascaded VFS modules.
OPTIONS
-c|--command=command
Execute the specified (colon-separated) commands. See below for the commands that are available.
-h|--help
Print a summary of command line options.
-l|--logfile=logbasename
File name for log/debug files. The extension '.client' will be appended. The log file is never removed by the client.
-d|--debuglevel=level
level is an integer from 0 to 10. The default value if this parameter is not specified is 0.
The higher this value, the more detail will be logged to the log files about the activities of the server. At level 0, only critical
errors and serious warnings will be logged. Level 1 is a reasonable level for day-to-day running - it generates a small amount of
information about operations carried out.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem. Levels above 3 are
designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.
Note that specifying this parameter here will override the log level parameter in the smb.conf file.
-V
Prints the program version number.
-s <configuration file>
The file specified contains the configuration details required by the server. The information in this file includes server-specific
information such as what printcap file to use, as well as descriptions of all the services that the server is to provide. See smb.conf
for more information. The default configuration file name is determined at compile time.
-l|--log-basename=logdirectory
Base directory name for log/debug files. The extension ".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log
file is never removed by the client.
COMMANDS
VFS COMMANDS
o load <module.so> - Load specified VFS module
o populate <char> <size> - Populate a data buffer with the specified data
o showdata [<offset> <len>] - Show data currently in data buffer
o connect - VFS connect()
o disconnect - VFS disconnect()
o disk_free - VFS disk_free()
o opendir - VFS opendir()
o readdir - VFS readdir()
o mkdir - VFS mkdir()
o rmdir - VFS rmdir()
o closedir - VFS closedir()
o open - VFS open()
o close - VFS close()
o read - VFS read()
o write - VFS write()
o lseek - VFS lseek()
o rename - VFS rename()
o fsync - VFS fsync()
o stat - VFS stat()
o fstat - VFS fstat()
o lstat - VFS lstat()
o unlink - VFS unlink()
o chmod - VFS chmod()
o fchmod - VFS fchmod()
o chown - VFS chown()
o fchown - VFS fchown()
o chdir - VFS chdir()
o getwd - VFS getwd()
o utime - VFS utime()
o ftruncate - VFS ftruncate()
o lock - VFS lock()
o symlink - VFS symlink()
o readlink - VFS readlink()
o link - VFS link()
o mknod - VFS mknod()
o realpath - VFS realpath()
GENERAL COMMANDS
o conf <smb.conf> - Load a different configuration file
o help [<command>] - Get list of commands or info about specified command
o debuglevel <level> - Set debug level
o freemem - Free memory currently in use
o exit - Exit vfstest
VERSION
This man page is correct for version 3.0 of the Samba suite.
AUTHOR
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project similar to the way the Linux kernel is developed.
The vfstest man page was written by Jelmer Vernooij.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+--------------------+----------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+----------------------+
|Availability | SUNWsmbar, SUNWsmbau |
+--------------------+----------------------+
|Interface Stability | External |
+--------------------+----------------------+
NOTES
Source for Samba is available on http://opensolaris.org.
Samba(7) delivers the set of four SMF(5) services as can be seen from the following example:
$ svcs samba wins winbind swat
STATE STIME FMRI
disabled Apr_21 svc:/network/samba:default
disabled Apr_21 svc:/network/winbind:default
disabled Apr_21 svc:/network/wins:default
disabled Apr_21 svc:/network/swat:default
where the services are:
"samba"
runs the smbd daemon managing the CIFS sessions
"wins"
runs the nmbd daemon enabling the browsing (WINS)
"winbind"
runs the winbindd daemon making the domain idmap
"swat"
Samba Web Administration Tool is a service providing access to browser-based Samba administration interface and on-line documentation.
The service runs on software loopback network interface on port 901/tcp, i.e. opening "http://localhost:901/" in browser will access
the SWAT service on local machine.
Please note: SWAT uses HTTP Basic Authentication scheme where user name and passwords are sent over the network in clear text. In the SWAT
case the user name is root. Transferring such sensitive data is advisable only on the software loopback network interface or over secure
networks.
Samba 3.0 01/19/2009 VFSTEST(1)