Hi,

I have written a patch for /source/modules/vfs_extd_audit.c to allow extd_audit to have a configuration parameter to write or not to syslog.

The configuration parameter is:

    extd_audit: use_syslog = [0|1]

Todo:
- don't know why DEBUG() does not print to samba log files, even having: log level: 0 vfs:3
- maybe it will be faster having a global variable use_syslog and setting it from the connect callback(). Thus, reading only once the config file.
- adding a similar function but for writing or not log files using DEBUG, the configuration should be: extd_audit: use_log = [0|1]

Any feedback is welcome, thanks!

Oliver

Created attachment 1731
Patch for the description

I made this patch using:

    diff -Naur vfs_extd_audit.c.ori vfs_extd_audit.c > vfs_extd_audit.c.patch

Please let me know if I should diff from the top dir, like:

    diff -Naur samba-3.0.21b.ori samba-3.0.21b

From my point of view extd_audit is in kind of legacy mode. We now have full_audit that potentially audits _all_ entries selectively on success and failure. So I'd rather like to see effort put in there.

And, your patch contains

DEBUG(10, ("Connected to service %s as user %s\n", svc, user));
+ DEBUG(0, ("Oliver Connected to service %s as user %s\n",
+ svc, user));

Do you really mean that? :-)

Volker

(In reply to comment #2)
> + DEBUG(0, ("Oliver Connected to service %s as user %s\n",
> + svc, user));

Oops, this was a late check to see if DEBUG() was working, will delete that line. Sorry about that ;)

Oliver

Created attachment 1771
Patch without internal debug messages

Updated patch without the debug message I used internally

Oliver,

thanks for your updated patch. But this was not the main reason why I did not apply it. Why is it that you can not live with the full_audit module?

Volker

Hi Volker,

I think I will use the full_audit module.

About this patch, I created this small patch after talking on the list about this point:

http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/VFS.html#id2617119

To make this point work: "Syslog can be used to record all transaction. This can be disabled by setting in the smb.conf file syslog = 0."

That's all. If the documentation gets fixed, this patch becomes useless. I consider this a very minor patch, so this Bug# can be pointed to users who want to use extd_audit or who complain about the documentation.

Maybe this bug can be marked as WFM, what do you think?

Thanks
Oliver