Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] A lot of messages in full_audit log
310 views
Skip to first unread message
Thiago Tenório
Jan 4, 2015, 11:31:31 AM1/4/15
to
Hi,
I'm using full_audit vfs module and I'm seeing a lot of duplicated messages
in log file. Why does it happens ?
How can I configure de smb.conf not to log duplicated information ?
Duplicated log:
Jan 4 13:27:50 server smbd_audit: [2015/01/04
13:27:50|semirames|samba-admin|192.168.0.3|setores]|pread|ok|Atendimento/James.txt
Jan 4 13:27:50 server smbd_audit: [2015/01/04
13:27:50|semirames|samba-admin|192.168.0.3|setores]|pread|ok|Atendimento/James.txt
Jan 4 13:27:50 server smbd_audit: [2015/01/04
13:27:50|semirames|samba-admin|192.168.0.3|setores]|pread|ok|Atendimento/James.txt
Jan 4 13:27:50 server smbd_audit: [2015/01/04
13:27:50|semirames|samba-admin|192.168.0.3|setores]|pread|ok|Atendimento/James.txt
My smb.conf:
# Global parameters
[global]
workgroup = BASE
realm = BASE.LOCAL
netbios name = SERVER
server role = active directory domain controller
dns forwarder = 192.168.0.3
smb ports = 139
vfs objects = acl_xattr full_audit
full_audit:prefix = [%T|%U|%m|%I|%S]
full_audit:success = connect mkdir rmdir rename unlink fset_nt_acl
fsetxattr pread pwrite
full_audit:failure = none
full_audit:facility = local1
full_audit:priority = debug
[...]
--
Att,
Thol
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I'm using full_audit vfs module and I'm seeing a lot of duplicated messages
in log file. Why does it happens ?
How can I configure de smb.conf not to log duplicated information ?
Duplicated log:
Jan 4 13:27:50 server smbd_audit: [2015/01/04
13:27:50|semirames|samba-admin|192.168.0.3|setores]|pread|ok|Atendimento/James.txt
Jan 4 13:27:50 server smbd_audit: [2015/01/04
13:27:50|semirames|samba-admin|192.168.0.3|setores]|pread|ok|Atendimento/James.txt
Jan 4 13:27:50 server smbd_audit: [2015/01/04
13:27:50|semirames|samba-admin|192.168.0.3|setores]|pread|ok|Atendimento/James.txt
Jan 4 13:27:50 server smbd_audit: [2015/01/04
13:27:50|semirames|samba-admin|192.168.0.3|setores]|pread|ok|Atendimento/James.txt
My smb.conf:
# Global parameters
[global]
workgroup = BASE
realm = BASE.LOCAL
netbios name = SERVER
server role = active directory domain controller
dns forwarder = 192.168.0.3
smb ports = 139
vfs objects = acl_xattr full_audit
full_audit:prefix = [%T|%U|%m|%I|%S]
full_audit:success = connect mkdir rmdir rename unlink fset_nt_acl
fsetxattr pread pwrite
full_audit:failure = none
full_audit:facility = local1
full_audit:priority = debug
[...]
--
Att,
Thol
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
Jan 4, 2015, 12:47:43 PM1/4/15
to
this week, you should not use .local, see the wiki.
also by adding 'vfs objects = acl_xattr full_audit' to smb.conf you have
turned off 'dfs_samba4', the correct line should be:
''vfs objects = dfs_samba4, acl_xattr, full_audit'
You need to add to the default line or you turn off the defaults.
Unfortunately, I do think 'full_audit' works with a samba4 AD DC.
Rowland
Volker Lendecke
Jan 4, 2015, 12:48:57 PM1/4/15
to
On Sun, Jan 04, 2015 at 01:30:27PM -0300, Thiago Tenório wrote:
> Hi,
>
> I'm using full_audit vfs module and I'm seeing a lot of duplicated messages
> in log file. Why does it happens ?
> How can I configure de smb.conf not to log duplicated information ?
>
> Duplicated log:
>
> Jan 4 13:27:50 server smbd_audit: [2015/01/04
> 13:27:50|semirames|samba-admin|192.168.0.3|setores]|pread|ok|Atendimento/James.txt
> Jan 4 13:27:50 server smbd_audit: [2015/01/04
> 13:27:50|semirames|samba-admin|192.168.0.3|setores]|pread|ok|Atendimento/James.txt
> Jan 4 13:27:50 server smbd_audit: [2015/01/04
> 13:27:50|semirames|samba-admin|192.168.0.3|setores]|pread|ok|Atendimento/James.txt
> Jan 4 13:27:50 server smbd_audit: [2015/01/04
> 13:27:50|semirames|samba-admin|192.168.0.3|setores]|pread|ok|Atendimento/James.txt
That's not duplicates. A client is reading the file piece by
> Hi,
>
> I'm using full_audit vfs module and I'm seeing a lot of duplicated messages
> in log file. Why does it happens ?
> How can I configure de smb.conf not to log duplicated information ?
>
> Duplicated log:
>
> Jan 4 13:27:50 server smbd_audit: [2015/01/04
> 13:27:50|semirames|samba-admin|192.168.0.3|setores]|pread|ok|Atendimento/James.txt
> Jan 4 13:27:50 server smbd_audit: [2015/01/04
> 13:27:50|semirames|samba-admin|192.168.0.3|setores]|pread|ok|Atendimento/James.txt
> Jan 4 13:27:50 server smbd_audit: [2015/01/04
> 13:27:50|semirames|samba-admin|192.168.0.3|setores]|pread|ok|Atendimento/James.txt
> Jan 4 13:27:50 server smbd_audit: [2015/01/04
> 13:27:50|semirames|samba-admin|192.168.0.3|setores]|pread|ok|Atendimento/James.txt
piece.
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kon...@sernet.de
0 new messages