I have written a patch for /source/modules/vfs_extd_audit.c to allow
extd_audit to have a configuration parameter to write or not to syslog.
The configuration parameter is:
extd_audit: use_syslog = [0|1]
- don't know why DEBUG() does not print to samba log files, even having :
log level: 0 vfs:3
- maybe it will be faster having a global variable use_syslog and setting it
from the connect callback(). Thus, reading only once the config file.
- adding a similar function but for writing or not log files using DEBUG, the
configuration should be: extd_audit: use_log = [0|1]
Any feedback are welcome, thanks!
Created attachment 1731 [details]
Patch for the description
I made this patch using:
diff -Naur vfs_extd_audit.c.ori vfs_extd_audit.c > vfs_extd_audit.c.patch
Please let me know if I should diff from the top dir, like:
diff -Naur samba-3.0.21b.ori samba-3.0.21b
From my point of view ext_audit is in kind of legacy mode. We now have full_audit that potentially audits _all_ entries selectively on success and failure. So I'd rather like to see effort put in there.
And, your patch contains
DEBUG(10, ("Connected to service %s as user %s\n",
+ DEBUG(0, ("Oliver Connected to service %s as user %s\n",
+ svc, user));
Do you really mean that? :-)
(In reply to comment #2)
> + DEBUG(0, ("Oliver Connected to service %s as user %s\n",
> + svc, user));
Oops, this a late check to see if DEBUG() was working, will delete that line.
Sorry about that ;)
Created attachment 1771 [details]
Patch without internal debug messages
Updated patch without the debug message I used internally
Oliver, thanks for your updated patch. But this was not the main reason why I did not apply it. Why is it that you can not live with the full_audit module?
I think I will use the full_audit module.
About this patch,
I created this small patch after talking in the list about this point:
To make this point work:
"Syslog can be used to record all transaction. This can be disabled by setting in the smb.conf file syslog = 0."
Thats all. If the documentation get fixed, this patch become useless.
I consider this a very minor patch, so this Bug# can be pointed to users who wants to use extd_audit or that complain about the documentation.
Maybe this bug can be marked as WFM, what do you think?