I'm reposting atleast 8 months old bug: When using the full_audit VFS a lot of (hundreds per second) nonsense messages are logged - it can very fast lead to "out of resources" state of the server... With configuration as follows: vfs objects = full_audit full_audit:prefix = %u|%m full_audit:success = connect opendir chdir mkdir rmdir open unlink rename full_audit:failure = connect opendir chdir mkdir rmdir open unlink rename The log will also contain readdir and stat entries, which should have been omitted: Jan 9 04:21:39 gateway smbd_audit: nobody|brigada|stat|ok|Dokumenty Jan 10 07:31:42 gateway smbd_audit: nobody|192.168.0.162|opendir|ok|Kancelar/FAKTURY/2004/FO Jan 10 07:31:42 gateway smbd_audit: nobody|192.168.0.162|readdir|ok| Jan 10 07:31:42 gateway last message repeated 920 times Jan 10 07:31:42 gateway smbd_audit: nobody|192.168.0.162|closedir|ok| How reproducible: Always Steps to Reproduce: Use VFS full_audit with the config above and try to explore ro search for a file from Windows SMB client. Actual Results: Log entries that should have been masked are visible. Expected Results: There should be no readdir (and other) entries unless explicitly listed in the config. Additional info: The bad thing is that the lack of filtering makes full_audit unusable, it generates too many entries and significantly slows down the server.
I've just tried to reproduce your problem on SuSE Linux 9.2 (Kernel 2.6.8) but failed. It just worked as expected. I did see opendir but no stat and readdir calls in /var/log/messages. You are really using 3.0.20? Volker
why is this assigned to jelmer?
closing
The problem doesn't occur from W2k3 server - if the ""My Computer -> menu -> Folder Options -> View -> Show pop-up description for folder and desktop items"" is OFF If this switch is ON, then the problem is fatal - log grows incredibly. >From Win XP stations the problem is in both situations. I'm attaching system and samba versions, important parts of smb.conf and syslog.conf and one second snapshot from the logfile: Thank you very much for help. Vaclav Svatek cmis001# uname -a FreeBSD cmis001.domain.cz 5.4-STABLE FreeBSD 5.4-STABLE #0: Wed Jul 13 23:01:07 CEST 2005 root@:/usr/obj/usr/src/sys/CMIS001 i386 cmis001# smbd -V Version 3.0.20 cmis001# cat smb.conf [global] workgroup = CMR3 netbios name = SAMBA3 server string = Samba 3 Server interfaces = 192.168.1.1/24 passdb backend = ldapsam:ldaps://ldap.domain.cz load printers = No logon script = %U.bat logon path = \\%L\%U\%U domain logons = Yes os level = 33 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = "cn=SambaAdmin,dc=domain,dc=cz" ldap group suffix = ou=Groups ldap machine suffix = ou=Machines,ou=People ldap suffix = dc=domain,dc=cz ldap user suffix = ou=People read only = No create mask = 0775 directory mask = 0775 hosts allow = 192.168.1., 127. vfs objects = full_audit full_audit:success = rmdir unlink mkdir rename write open full_audit:prefix = %u|%m full_audit:failure = write [backup] comment = Backup path = /backup valid users = svatek, markos read only = Yes [databaze] comment = Databaze path = /data/databaze [homes] comment = Domovsky adresar browseable = No [netlogon] comment = Network Logon Service path = /data/netlogon share modes = No [spravci] comment = Spravci IS path = /data/spravci ---SNIP---- cmis001# cat /etc/syslog.conf ---SNIP---- !smbd_audit *.* /var/log/samba/smbd_audit.log One second (!!!) snip from /var/log/samba/smbd_audit.log: cmis001# cat /var/log/samba/smbd_audit.log | grep "Sep 29 14:58:05 cmis001" Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|. Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok|. Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 last message repeated 52 times Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./Kopie - NabidkaBytuProdej.rtf Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./Kopie.xls Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./Kopie28. 7.xls Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./KopieWord.doc Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./Kopie.doc Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./Kopie Word.doc Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./Kopie Microsoft Word.doc Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./test Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./Kopie - ceník.doc Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./ID 50847.txt Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./kancelar.pps Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./koment.doc Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./Magreal.xls Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./ceník.doc Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./NabidkaBytuProdej.rtf Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./016f.xls Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./fotoaparátu.doc Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./Telefonní seznam Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./vcalendar Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./admin Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./CMR s.r.o Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|opendir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|stat|ok|./\nky Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|readdir|ok| Sep 29 14:58:05 cmis001 smbd_audit: markos|pc-28|closedir|ok|
Could you add a debug level 10 log of smbd? At least on SuSE Linux 9.2 this worked correctly for me, maybe something with freebsd is not right. Thanks, Volker
Created attachment 1463 [details] Smbd, nmbd and full_audit logs
Ok, the key seems to be that the vfs_objects option is in the [global] section. Could you put all audit related into the share definitions? This makes the difference for me. I'm setting this bug to "later", as I'd say that there is a valid workaround, and to be honest right now I don't have the time to really look into the smb.conf loading code. Please re-open again if copying the options to the share definitions does not do it for you. Volker
not sure why this was assigned to me
reopen before reassign
setting to LATER again