Hi, I'm running a 134f kernel with native SMB and I'm trying to figure out how to see who deletes a file via CIFS.
So far I only get smb_session_setup and smb_session_logoff, and local file deletes in my audit log. I've tried hardcoding smb in audit_user, but that doesn't seem to help. My audit_control is currently (though I've had all,fa,fd, various others that looked good, as well): dir:/var/audit flags: lo,ex naflags: lo,ex minfree:5 I've also added args and env just for giggles... I think I may have to follow the NFSv4 route and use DTrace - which I know absolutely nothing about. That or change to Samba, but I don't want to break anything. Other than lack of audit logs, it works just fine. Any ideas? Thanks, Rick ------------------------------------------- illumos-discuss Archives: https://www.listbox.com/member/archive/182180/=now RSS Feed: https://www.listbox.com/member/archive/rss/182180/21175430-2e6923be Modify Your Subscription: https://www.listbox.com/member/?member_id=21175430&id_secret=21175430-6a77cda4 Powered by Listbox: http://www.listbox.com
