I have a share with a lot of scan files with the .tif extension.
They are grouped in catalogs by year, for example 2006, 2007, 2008 etc.
I would like to log files opened by users (opened scanned .tif files). But
/var/log/messages shows a lot of useless information!

For example, user fujitsu opened only the file 11005_07.tif in Windows
Explorer.
In /var/log/messages I can't tell exactly which file was opened by the user.
Audit lists all files touched by Windows Explorer, but I must know
which one was opened.
It generates a lot of unnecessary entries in /var/log/messages.

Other operations on files like remove, delete or rename are logged
correctly.

PLEASE HELP! See my smb.conf

Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12795_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12795_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12795_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12793_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12792_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12791_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12791_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12791_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12791_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12791_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12791_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12791_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12791_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12791_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12791_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12791_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12791_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12790_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12790_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12790_07.tif

smb.conf

[global]
    log level = 2 vfs:3 auth:2 passdb:3
    log file = /var/log/samba/%U.%m.log
    max log size = 5000

[skany]
    comment = skany
    ; browseable = yes
    path = /mnt/skany/skany/
    write list = @skanery
    valid users = @geo,@skanery
    deny hosts = korytarz1, korytarz2
    vfs objects = recycle full_audit
    recycle:repository = .recycle/%U
    recycle:touch = true
    recycle:keeptree = true
    recycle:versions = false
    recycle:exclude = *.TMP
    recycle:directory_mode = 773
    full_audit:success = write pwrite rename unlink rmdir mkdir connect read pread
    full_audit:prefix = %u|%m|%I|%S
    full_audit:failure = read write
    force create mode = 0777

Volker Lendecke
2008-Mar-18 09:43 UTC
[Samba] how to log only opened files via vfs_modules?
On Tue, Mar 18, 2008 at 10:25:57AM +0100, Hubert Choma wrote:
> I have a share with a lot of scan files with the .tif extension.
> They are grouped in catalogs by year, for example 2006, 2007, 2008 etc.
> I would like to log files opened by users (opened scanned .tif files). But
> /var/log/messages shows a lot of useless information!
>
> For example, user fujitsu opened only the file 11005_07.tif in Windows
> Explorer.
> In /var/log/messages I can't tell exactly which file was opened by the user.
> Audit lists all files touched by Windows Explorer, but I must know
> which one was opened.
> It generates a lot of unnecessary entries in /var/log/messages.
>
> Other operations on files like remove, delete or rename are logged
> correctly.

Explorer *does* read at least part of all files to display the shiny
little icon.

Volker
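
Added example (not part of the original thread and not Samba project code): a Python filter that parses smbd_audit syslog lines in the poster's prefix format (%u|%m|%I|%S followed by operation|result|path) and collapses the repeated read/pread records into one entry per user, client and file. As the reply points out, Explorer's icon reads are audited like any other read, so they still appear in the summary; the sample lines and function names are constructed for illustration.

```python
import re

# Syslog header, then the full_audit record: prefix (%u|%m|%I|%S) + op|result|path.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+smbd_audit:\s+(?P<rec>.*)$"
)
FIELDS = ("user", "machine", "ip", "share", "op", "result", "path")

# Constructed sample lines in the format shown in the post (not real log data).
SAMPLE = """\
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/12795_07.tif
Mar 18 09:54:00 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
Mar 18 09:54:05 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|unlink|ok|2007/old.tif
Mar 18 09:54:01 localhost smbd_audit: fujitsu|sm17|10.10.10.160|skany|pread|ok|2007/11005_07.tif
"""


def parse_line(line):
    """Return a dict for one smbd_audit syslog line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Split at most 6 times: operations with two arguments (e.g. rename old|new)
    # keep both names together in the last field.
    parts = m.group("rec").split("|", 6)
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["ts"] = m.group("ts")
    return rec


def summarize_reads(lines, ops=("read", "pread")):
    """Collapse successful read records into one entry per (user, ip, share, path)."""
    summary = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["op"] not in ops or rec["result"] != "ok":
            continue
        key = (rec["user"], rec["ip"], rec["share"], rec["path"])
        entry = summary.setdefault(key, {"first": rec["ts"], "last": rec["ts"], "count": 0})
        entry["last"] = rec["ts"]
        entry["count"] += 1
    return summary


if __name__ == "__main__":
    for (user, ip, share, path), e in summarize_reads(SAMPLE.splitlines()).items():
        print(f"{e['first']} {user}@{ip} {share}/{path} reads={e['count']}")
```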