Bug 3518 - [VFS vfs_extd_audit.c] Option for writing to syslog from vfs_extd_audit.c
[VFS vfs_extd_audit.c] Option for writing to syslog from vfs_extd_audit.c
Status: NEW
Product: Samba 3.0
Classification: Unclassified
Component: File Services
Other Windows XP
: P3 enhancement
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
Depends on:
Blocks: 2349
  Show dependency treegraph
Reported: 2006-02-16 01:03 UTC by Oliver Schulze L.
Modified: 2006-03-04 07:59 UTC (History)
0 users

See Also:

Patch for the description (7.93 KB, patch)
2006-02-16 01:05 UTC, Oliver Schulze L.
no flags Details
Patch without internal debug messages (7.82 KB, patch)
2006-03-03 11:40 UTC, Oliver Schulze L.
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Oliver Schulze L. 2006-02-16 01:03:47 UTC
I have written a patch for /source/modules/vfs_extd_audit.c to allow
extd_audit to have a configuration parameter to write or not to syslog.

The configuration parameter is:
extd_audit: use_syslog = [0|1]

- don't know why DEBUG() does not print to samba log files, even having :
  log level: 0 vfs:3
- maybe it will be faster having a global variable use_syslog and setting it
  from the connect callback(). Thus, reading only once the config file.
- adding a similar function but for writing or not log files using DEBUG, the
  configuration should be: extd_audit: use_log = [0|1]

Any feedback are welcome, thanks!
Comment 1 Oliver Schulze L. 2006-02-16 01:05:42 UTC
Created attachment 1731 [details]
Patch for the description

I made this patch using:
diff -Naur vfs_extd_audit.c.ori vfs_extd_audit.c > vfs_extd_audit.c.patch

Please let me know if I should diff from the top dir, like:
diff -Naur samba-3.0.21b.ori samba-3.0.21b
Comment 2 Volker Lendecke 2006-02-16 06:27:34 UTC
From my point of view ext_audit is in kind of legacy mode. We now have full_audit that potentially audits _all_ entries selectively on success and failure. So I'd rather like to see effort put in there.

And, your patch contains 
 	DEBUG(10, ("Connected to service %s as user %s\n",
 	       svc, user));
+	DEBUG(0, ("Oliver Connected to service %s as user %s\n",
+	       svc, user));
Do you really mean that? :-)

Comment 3 Oliver Schulze L. 2006-02-16 12:17:15 UTC
(In reply to comment #2)
> +       DEBUG(0, ("Oliver Connected to service %s as user %s\n",
> +              svc, user));

Oops, this a late check to see if DEBUG() was working, will delete that line.
Sorry about that ;)

Comment 4 Oliver Schulze L. 2006-03-03 11:40:17 UTC
Created attachment 1771 [details]
Patch without internal debug messages

Updated patch without the debug message I used internally
Comment 5 Volker Lendecke 2006-03-03 13:18:20 UTC
Oliver, thanks for your updated patch. But this was not the main reason why I did not apply it. Why is it that you can not live with the full_audit module?

Comment 6 Oliver Schulze L. 2006-03-04 07:59:38 UTC
Hi Volker,
I think I will use the full_audit module. 

About this patch,
I created this small patch after talking in the list about this point:

To make this point work:
"Syslog can be used to record all transaction. This can be disabled by setting in the smb.conf file syslog = 0."

Thats all. If the documentation get fixed, this patch become useless. 
I consider this a very minor patch, so this Bug# can be pointed to users who wants to use extd_audit or that complain about the documentation.

Maybe this bug can be marked as WFM, what do you think?