Web lists-archives.com

Re: [Samba] vfs_full_audit and facility 'auth'...




On 11 May 2018 at 10:58, Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
wrote:

> On Fri, 11 May 2018 09:14:24 +0200
> Marco Gaiarin via samba <samba@xxxxxxxxxxxxxxx> wrote:
>
> > Mandi! Rowland Penny via samba
> >   In chel di` si favelave...
> >
> > > You would replace 'FACILITY' with one of the facilities shown in
> > > 'man syslog' e.g. full_audit:facility = LOG_AUTH
> >
> > OK, done. But samba (as stated in previous email) still reply:
> >
> >  [2018/05/08 17:34:42.388486,
> > 0] ../source3/param/loadparm.c:1179(lp_enum) lp_enum(LOG_AUTH,enum):
> > value is not in enum_list!
> >
> > so seems that 'auth' and also 'LOG_AUTH' is not a valid keyword...
> >
> >
> > (debian jessie, systemd, samba 4.5 from louis repository)
> >
>
> OK, if you look in 'man vfs_full_audit' is says this:
>
>         full_audit:facility = FACILITY
>            Log messages to the named syslog(3) facility.
>
> If you then examine 'man syslog', 'LOG_AUTH' is a listed facility, but
> I can confirm that using it with vfs_full_audit doesn't work, 'LOCAL5'
> does.
>
> Does anybody know which of the facilities listed in 'man syslog'
> actually work ? or do I have try each of them to find out ?
>
>
Use the source, Like! (c)

static int audit_syslog_facility(vfs_handle_struct *handle)
{
        static const struct enum_list enum_log_facilities[] = {
                { LOG_USER, "USER" },
                { LOG_LOCAL0, "LOCAL0" },
                { LOG_LOCAL1, "LOCAL1" },
                { LOG_LOCAL2, "LOCAL2" },
                { LOG_LOCAL3, "LOCAL3" },
                { LOG_LOCAL4, "LOCAL4" },
                { LOG_LOCAL5, "LOCAL5" },
                { LOG_LOCAL6, "LOCAL6" },
                { LOG_LOCAL7, "LOCAL7" },
                { -1, NULL}
        };

        int facility;

        facility = lp_parm_enum(SNUM(handle->conn), "full_audit",
"facility", enum_log_facilities, LOG_USER);

        return facility;
}

Clearly, the only possible facilities are LOCAL* and USER. That raises the
question why it's not mentioned in the man page and why is this limitation
in place?

With regards,
Timur Bakeyev.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba