Samba + full_audit
Добавлено: 2014-02-05 15:33:43
Как из выводимого лога аудита убрать записи по маске файла (к примеру *.tmp)
Имеется samba 3.6.9-151.el6_4.1
/etc/samba/smb.conf
[global]
.......
log level = 0 vfs:2
[Share]
.......
vfs objects = full_audit
full_audit:prefix = %u|%I
full_audit:failure = none
full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod realpath
full_audit:facility = local5
full_audit:priority = notice
/etc/rsyslog.conf
.....
local5.notice /var/log/samba/log.audit
Имеется samba 3.6.9-151.el6_4.1
/etc/samba/smb.conf
[global]
.......
log level = 0 vfs:2
[Share]
.......
vfs objects = full_audit
full_audit:prefix = %u|%I
full_audit:failure = none
full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod realpath
full_audit:facility = local5
full_audit:priority = notice
/etc/rsyslog.conf
.....
local5.notice /var/log/samba/log.audit