Folks, Given recent discussion on this list I have just updated the master Samba-Docs information regarding the Debug Class (Log Level) settings and the audit information each causes to be logged. This will appear in on-line versions of the Samba-HOWTO-Collection within 24 hours. To obtain an updated version point your browser at: http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
The purpose of the extd_audit (Extended Audit) module is to permit logging of critical file and directory access to BOTH syslog as well as to individual log files. To create individual log file you can use: log file = /var/log/samba/%U.%m.log log level = 0 vfs:[012] syslog = 0 ie: log level = 0 vfs:0 or log level = 0 vfs:1 or log level = 0 vfs:2 In this example, syslog information will be only critical general samba information, plus full detail for all VFS modules up to the log level specified. Please refer to the documentation in the VFS Modules chapter - the information logged has changed from what was previously documented. This will create an individual per-user-per-client log of all level 0, 1, or 2 action. See also the updated chapter on Debugging Samba (Chapter 34.3.1). Despite recent criticism regarding the difficulty of establishing acceptable auditing logs, this module is in use in a number of sites that require strict auditability of file and directory operations. Enjoy. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba