Mike Ruebner
2020-Nov-05 20:03 UTC
[Samba] No Logging for most VFS Operations with full_audit on smbd 4.9.5-Debian
Greetings,

I am running audits on a restricted file share for smbd 4.9.5-Debian. Messages go to syslog via local5. I am mostly interested in file access and modification, plus the occasional failed connect.

The only operations that yield any results appear to be 'opendir' and 'open'. Unfortunately, 'open' is chatty to an extent as to render logging useless. I am getting repeated directory access and file readaheads just by opening that share. My thinking was 'read', 'write', and 'mkdir'; but, again, no logging whatsoever for those operations.

Is this by design, or is my setup missing important aspects? To get started, below is a snippet from my 'smb.conf' for the share in question.

TIA
Mike

<---
[AUDIT]
    path = /srv/AUDIT
    read only = No
    browseable = No
    include = /etc/samba/userconf/%U.audit.conf
    valid users = root more users here
    vfs objects = acl_xattr full_audit
    full_audit:success = open read write mkdir
    full_audit:prefix = %u|%I|%m|%S
    full_audit:failure = connect
    full_audit:facility = local5
    full_audit:priority = info
    full_audit:syslog = true
--->
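
An added example, not part of the original post or of Samba's code: a Python filter for the chatty 'open' logging described above, which collapses repeated full_audit records and keeps only failures and write-mode opens. The sample lines are constructed, and the record layout (the post's four-field prefix, then operation, result and arguments, with 'r' or 'w' as the first argument of 'open') is an assumption about what this smbd version writes to syslog.

```python
import re
from collections import OrderedDict

# Constructed sample lines. Assumed layout: <prefix>|<op>|<result>|<args...>,
# where <prefix> is the post's full_audit:prefix = %u|%I|%m|%S (four fields).
SAMPLE = """\
Nov  5 20:01:12 fs1 smbd_audit[911]: mike|10.0.0.5|ws01|AUDIT|opendir|ok|.
Nov  5 20:01:12 fs1 smbd_audit[911]: mike|10.0.0.5|ws01|AUDIT|open|ok|r|plan.docx
Nov  5 20:01:13 fs1 smbd_audit[911]: mike|10.0.0.5|ws01|AUDIT|open|ok|r|plan.docx
Nov  5 20:01:13 fs1 smbd_audit[911]: mike|10.0.0.5|ws01|AUDIT|open|ok|r|plan.docx
Nov  5 20:02:40 fs1 smbd_audit[911]: mike|10.0.0.5|ws01|AUDIT|open|ok|w|plan.docx
Nov  5 20:03:02 fs1 smbd_audit[940]: eve|10.0.0.9|ws07|AUDIT|connect|fail (Permission denied)|AUDIT
Nov  5 20:03:05 fs1 cron[77]: unrelated line
"""

LINE = re.compile(r"smbd_audit(?:\[\d+\])?: (?P<body>.+)$")

def parse(line):
    """Split one syslog line into audit fields; None if it is not an audit record."""
    m = LINE.search(line)
    if not m:
        return None
    f = m.group("body").split("|")
    if len(f) < 6:          # prefix (4) + operation + result is the minimum
        return None
    return {"user": f[0], "ip": f[1], "machine": f[2], "share": f[3],
            "op": f[4], "result": f[5], "args": f[6:]}

def summarize(text):
    """Collapse identical events into (user, ip, op, result, args) -> count."""
    counts = OrderedDict()
    for line in text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        key = (ev["user"], ev["ip"], ev["op"], ev["result"], "|".join(ev["args"]))
        counts[key] = counts.get(key, 0) + 1
    return counts

def interesting(text):
    """Keep failed operations and opens in write mode; drop read-only noise."""
    out = []
    for (user, ip, op, result, args), n in summarize(text).items():
        write_open = op == "open" and args.startswith("w|")
        if result != "ok" or write_open:
            out.append((user, ip, op, result, args, n))
    return out

if __name__ == "__main__":
    for row in interesting(SAMPLE):
        print(row)
```

A file name containing '|' would be split across several argument fields; the filter rejoins them with '|' before comparing.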