[Bug 272471] net/samba416 vfs full_audit not logging as expected

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 12 Jul 2023 14:44:35 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272471

            Bug ID: 272471
           Summary: net/samba416 vfs full_audit not logging as expected
           Product: Ports & Packages
           Version: Latest
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: timur@FreeBSD.org
          Reporter: rob2g2-freebsd@bitbert.com
             Flags: maintainer-feedback?(timur@FreeBSD.org)
          Assignee: timur@FreeBSD.org

the following config:

   vfs objects = full_audit
   full_audit: failure = open
   full_audit: success = all
   full_audit: prefix = %U|%I|%m|%S|%L|%R|%a|%T|%D
   full_audit: facility = local7
   full_audit: priority = NOTICE

creates the following log entries when creating a file:

Jul 12 16:05:44 testserver smbd_audit[19042]:
myuser|192.168.1.12|testvm|IPC_|ZION|SMB3_11|OSX|2023/07/12
16:05:44|TESTSERVER|chdir|ok|chdir|/
Jul 12 16:05:44 testserver smbd_audit[19042]:
myuser|192.168.1.12|testvm|IPC_|ZION|SMB3_11|OSX|2023/07/12
16:05:44|TESTSERVER|stat|ok|/tmp
Jul 12 16:05:44 testserver smbd_audit[19042]:
myuser|192.168.1.12|testvm|IPC_|ZION|SMB3_11|OSX|2023/07/12
16:05:44|TESTSERVER|file_id_create|ok|14533708491458043592:34:0

this is also the case with 4.13

On Ubuntu 22.04 with Samba 4.15 and Debian with Samba 4.18, a log entry looks
like the following (provides more information, and the information I would need
expect):


2023-07-12T16:38:54.432092+02:00 deb12 smbd_audit:
myuser|192.168.1.15|win10vm|testshare|DEB12|SMB3_11|Vista|2023/07/12
16:38:54|DEB12|openat|ok|r|/files/testshare/test - Copy.txt
2023-07-12T16:38:54.432399+02:00 deb12 smbd_audit:
myuser|192.168.1.15|win10vm|testshare|DEB12|SMB3_11|Vista|2023/07/12
16:38:54|DEB12|fstat|ok|/files/testshare/test - Copy.txt
2023-07-12T16:38:54.432708+02:00 deb12 smbd_audit:
myuser|192.168.1.15|win10vm|testshare|DEB12|SMB3_11|Vista|2023/07/12
16:38:54|DEB12|file_id_create|ok|65025:654084:0
2023-07-12T16:38:54.432992+02:00 deb12 smbd_audit:
myuser|192.168.1.15|win10vm|testshare|DEB12|SMB3_11|Vista|2023/07/12
16:38:54|DEB12|fgetxattr|ok|/files/testshare/test - Copy.txt|user.DOSATTRIB
2023-07-12T16:38:54.433237+02:00 deb12 smbd_audit:
myuser|192.168.1.15|win10vm|testshare|DEB12|SMB3_11|Vista|2023/07/12
16:38:54|DEB12|fget_dos_attributes|ok|/files/testshare/test - Copy.txt
2023-07-12T16:38:54.433498+02:00 deb12 smbd_audit:
myuser|192.168.1.15|win10vm|testshare|DEB12|SMB3_11|Vista|2023/07/12
16:38:54|DEB12|file_id_create|ok|65025:654084:0
2023-07-12T16:38:54.433762+02:00 deb12 smbd_audit:
myuser|192.168.1.15|win10vm|testshare|DEB12|SMB3_11|Vista|2023/07/12
16:38:54|DEB12|get_alloc_size|ok|4096
2023-07-12T16:38:54.434045+02:00 deb12 smbd_audit:
myuser|192.168.1.15|win10vm|testshare|DEB12|SMB3_11|Vista|2023/07/12
16:38:54|DEB12|fs_file_id|ok|654084
2023-07-12T16:38:54.434295+02:00 deb12 smbd_audit:
myuser|192.168.1.15|win10vm|testshare|DEB12|SMB3_11|Vista|2023/07/12
16:38:54|DEB12|flistxattr|ok|/files/testshare/test - Copy.txt
2023-07-12T16:38:54.434538+02:00 deb12 smbd_audit:
myuser|192.168.1.15|win10vm|testshare|DEB12|SMB3_11|Vista|2023/07/12
16:38:54|DEB12|file_id_create|ok|65025:654084:0
2023-07-12T16:38:54.434813+02:00 deb12 smbd_audit:
myuser|192.168.1.15|win10vm|testshare|DEB12|SMB3_11|Vista|2023/07/12
16:38:54|DEB12|close|ok|/files/testshare/test - Copy.txt


note, the file share name under FreeBSD is wrong and of course the file id
should be the path of the file.

-- 
You are receiving this mail because:
You are the assignee for the bug.