Anderson Sampaio Mello
2022-Dec-01 22:58 UTC
[Samba] module vfs_full_audit events not logged
Hello samba team, how are you? I use version 4.15.4 of samba configured as a member server, and I have the vfs_full_audit module configured. My difficulty is making the module generate the following records: 1st - Recording in the file 2nd - Reading the file 3rd - File creation The create_file event, generates the log informing the creation of the file and its opening, but it also generates much more information (duplicates), the write event, does not generate any log, pread does not generate log regarding file reading and pwrite does not generate log write to file. The linkat event also does not generate records regarding the creation of files and directories. maybe it's used for a special file, like symlinks? Am I reading incorrectly what each event does? The documentation doesn't have a description of what each event does, so I'm lost, can someone help me or give me a direction? The vfs_full_audit module is configured as follows: full_audit:success = open, create_file, pread, pwrite, renameat, mkdirat, unlinkat, linkat full_audit:failure = open, create_file, pread, pwrite, renameat, mkdirat, unlinkat, linkat full_audit:facility = local5 full_audit:priority = alert full_audit:prefix = %I|%S|%u Thanks