aiden
/
freshtomato-arm
mirror of https://bitbucket.org/pedro311/freshtomato-arm
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
arm-master
arm-sdk714
arm-sdk7
arm-ng
2025.2
2024.5
2024.4
2024.3
2024.2
2024.1
2023.5
2023.4
2023.3
2023.2
2023.1
2022.7
2022.6
2022.5
2022.4
2022.3
2022.2
2022.1
2021.8
2021.7
2021.6
2021.5
2021.4
2021.3
2021.2
2021.1
2021.1.082
2021.1.070
2021.1.044
2020.8
2020.8.164
2020.8.144
2020.8.130
2020.8.113
2020.8.083
2020.8.060
2020.8.048
2020.8.042
2020.8.029
2020.8.022
2020.8.021
2020.6
2020.6.084
2020.6.080
2020.6.076
2020.6.065
2020.6.064
2020.6.060
2020.6.055
2020.5
2020.4
2020.4.140
2020.4.100
2020.4.078
2020.3
2020.3.039
2020.3.031
2020.3.028
2020.3.027
2020.2
2020.1
2020.1.037
2020.1.001
2019.4
2019.4.095
2019.4.090
2019.4.056
2019.3
2019.3.274
2025.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'arm-master'
${ noResults }
freshtomato-arm/release/src-rt-6.x.4708/router/samba3/docs/manpages/vfs_full_audit.8

459 lines
6.4 KiB
Groff
Raw Permalink Blame History

'\" t
.\" Title: vfs_full_audit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\" Date: 09/18/2013
.\" Manual: System Administration tools
.\" Source: Samba 3.6
.\" Language: English
.\"
.TH "VFS_FULL_AUDIT" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
vfs_full_audit \- record Samba VFS operations in the system log
.SH "SYNOPSIS"
.HP \w'\ 'u
vfs objects = full_audit
.SH "DESCRIPTION"
.PP
This VFS module is part of the
\fBsamba\fR(7)
suite\&.
.PP
The
vfs_full_audit
VFS module records selected client operations to the system log using
\fBsyslog\fR(3)\&.
.PP
vfs_full_audit
is able to record the complete set of Samba VFS operations:
.RS 4
aio_cancel
.RE
.RS 4
aio_error
.RE
.RS 4
aio_fsync
.RE
.RS 4
aio_read
.RE
.RS 4
aio_return
.RE
.RS 4
aio_suspend
.RE
.RS 4
aio_write
.RE
.RS 4
chdir
.RE
.RS 4
chflags
.RE
.RS 4
chmod
.RE
.RS 4
chmod_acl
.RE
.RS 4
chown
.RE
.RS 4
close
.RE
.RS 4
closedir
.RE
.RS 4
connect
.RE
.RS 4
disconnect
.RE
.RS 4
disk_free
.RE
.RS 4
fchmod
.RE
.RS 4
fchmod_acl
.RE
.RS 4
fchown
.RE
.RS 4
fget_nt_acl
.RE
.RS 4
fgetxattr
.RE
.RS 4
flistxattr
.RE
.RS 4
fremovexattr
.RE
.RS 4
fset_nt_acl
.RE
.RS 4
fsetxattr
.RE
.RS 4
fstat
.RE
.RS 4
fsync
.RE
.RS 4
ftruncate
.RE
.RS 4
get_nt_acl
.RE
.RS 4
get_quota
.RE
.RS 4
get_shadow_copy_data
.RE
.RS 4
getlock
.RE
.RS 4
getwd
.RE
.RS 4
getxattr
.RE
.RS 4
kernel_flock
.RE
.RS 4
lgetxattr
.RE
.RS 4
link
.RE
.RS 4
linux_setlease
.RE
.RS 4
listxattr
.RE
.RS 4
llistxattr
.RE
.RS 4
lock
.RE
.RS 4
lremovexattr
.RE
.RS 4
lseek
.RE
.RS 4
lsetxattr
.RE
.RS 4
lstat
.RE
.RS 4
mkdir
.RE
.RS 4
mknod
.RE
.RS 4
open
.RE
.RS 4
opendir
.RE
.RS 4
pread
.RE
.RS 4
pwrite
.RE
.RS 4
read
.RE
.RS 4
readdir
.RE
.RS 4
readlink
.RE
.RS 4
realpath
.RE
.RS 4
removexattr
.RE
.RS 4
rename
.RE
.RS 4
rewinddir
.RE
.RS 4
rmdir
.RE
.RS 4
seekdir
.RE
.RS 4
sendfile
.RE
.RS 4
set_nt_acl
.RE
.RS 4
set_quota
.RE
.RS 4
setxattr
.RE
.RS 4
stat
.RE
.RS 4
statvfs
.RE
.RS 4
symlink
.RE
.RS 4
sys_acl_add_perm
.RE
.RS 4
sys_acl_clear_perms
.RE
.RS 4
sys_acl_create_entry
.RE
.RS 4
sys_acl_delete_def_file
.RE
.RS 4
sys_acl_free_acl
.RE
.RS 4
sys_acl_free_qualifier
.RE
.RS 4
sys_acl_free_text
.RE
.RS 4
sys_acl_get_entry
.RE
.RS 4
sys_acl_get_fd
.RE
.RS 4
sys_acl_get_file
.RE
.RS 4
sys_acl_get_perm
.RE
.RS 4
sys_acl_get_permset
.RE
.RS 4
sys_acl_get_qualifier
.RE
.RS 4
sys_acl_get_tag_type
.RE
.RS 4
sys_acl_init
.RE
.RS 4
sys_acl_set_fd
.RE
.RS 4
sys_acl_set_file
.RE
.RS 4
sys_acl_set_permset
.RE
.RS 4
sys_acl_set_qualifier
.RE
.RS 4
sys_acl_set_tag_type
.RE
.RS 4
sys_acl_to_text
.RE
.RS 4
sys_acl_valid
.RE
.RS 4
telldir
.RE
.RS 4
unlink
.RE
.RS 4
utime
.RE
.RS 4
write
.RE
.PP
In addition to these operations,
vfs_full_audit
recognizes the special operation names "all" and "none ", which refer to all the VFS operations and none of the VFS operations respectively\&.
.PP
vfs_full_audit
records operations in fixed format consisting of fields separated by \*(Aq|\*(Aq characters\&. The format is:
.sp
.if n \{\
.RS 4
.\}
.nf
smbd_audit: PREFIX|OPERATION|RESULT|FILE
.fi
.if n \{\
.RE
.\}
.PP
The record fields are:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
PREFIX
\- the result of the full_audit:prefix string after variable substitutions
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
OPERATION
\- the name of the VFS operation
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
RESULT
\- whether the operation succeeded or failed
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
FILE
\- the name of the file or directory the operation was performed on
.RE
.sp
.RE
.PP
This module is stackable\&.
.SH "OPTIONS"
.PP
vfs_full_audit:prefix = STRING
.RS 4
Prepend audit messages with STRING\&. STRING is processed for standard substitution variables listed in
\fBsmb.conf\fR(5)\&. The default prefix is "%u|%I"\&.
.RE
.PP
vfs_full_audit:success = LIST
.RS 4
LIST is a list of VFS operations that should be recorded if they succeed\&. Operations are specified using the names listed above\&. Operations can be unset by prefixing the names with "!"\&.
.RE
.PP
vfs_full_audit:failure = LIST
.RS 4
LIST is a list of VFS operations that should be recorded if they failed\&. Operations are specified using the names listed above\&. Operations can be unset by prefixing the names with "!"\&.
.RE
.PP
full_audit:facility = FACILITY
.RS 4
Log messages to the named
\fBsyslog\fR(3)
facility\&.
.RE
.PP
full_audit:priority = PRIORITY
.RS 4
Log messages with the named
\fBsyslog\fR(3)
priority\&.
.RE
.SH "EXAMPLES"
.PP
Log file and directory open operations on the [records] share using the LOCAL7 facility and ALERT priority, including the username and IP address\&. Logging excludes the open VFS function on failures:
.sp
.if n \{\
.RS 4
.\}
.nf
\fI[records]\fR
\m[blue]\fBpath = /data/records\fR\m[]
\m[blue]\fBvfs objects = full_audit\fR\m[]
\m[blue]\fBfull_audit:prefix = %u|%I\fR\m[]
\m[blue]\fBfull_audit:success = open opendir\fR\m[]
\m[blue]\fBfull_audit:failure = all !open\fR\m[]
\m[blue]\fBfull_audit:facility = LOCAL7\fR\m[]
\m[blue]\fBfull_audit:priority = ALERT\fR\m[]
.fi
.if n \{\
.RE
.\}
.SH "VERSION"
.PP
This man page is correct for version 3\&.0\&.25 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
Reference in New Issue View Git Blame Copy Permalink