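I use Samba to provide shares for users. Sometimes they claim that their files have mysteriously disappeared, so I would like to track deletions.
So I set up full auditing. Everything works, except that the audit log often lacks the file name or has some kind of cryptic code instead. For example: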
Dec 12 17:46:04 server1 smbd_audit: shared|shared|192.168.x.x|matt1|shared|2016/12/12 17:46:04|server1|file_id_create|ok|802:28200da:0
The last field should be the file name. Why are there numbers instead? The relevant part of smb.conf is as follows:
[homes]
comment = Home Directories
directory mask = 0775
browseable = yes
read only = no
create mask = 0775
directory mask = 0775
valid users = %S
writable = yes
vfs objects = recycle
recycle:repository = .RecycleBin
recycle:keeptree = yes
recycle:exclude = *.tmp, *.bak
vfs objects = full_audit
full_audit:prefix = %u|%U|%I|%m|%S|%T|%D
full_audit:success = mkdir rename unlink rmdir open
full_audit:failure = none
full_audit:facility = LOCAL5
full_audit:priority = NOTICE
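
An added example, not part of the original post: a parser that splits smbd_audit lines using the prefix from the configuration above and lists successful unlink, rmdir and rename records. The field names, the two extra sample lines, and the reading of the file_id_create argument as a hex device:inode:extid identifier are assumptions made here.

```python
import re

# Assumed names for the fields of the page's prefix: %u|%U|%I|%m|%S|%T|%D
PREFIX_FIELDS = ("service_user", "session_user", "client_ip", "client_name",
                 "share", "timestamp", "domain")
# Operations from the page's full_audit:success list that remove or move a path
REMOVAL_OPS = {"unlink", "rmdir", "rename"}
# Assumption: file_id_create logs device:inode:extid in hex, not a path
FILE_ID_RE = re.compile(r"^([0-9a-f]+):([0-9a-f]+):([0-9a-f]+)$")

def parse_audit_line(line):
    """Split one syslog line from smbd_audit into named fields, or return None."""
    _, sep, payload = line.partition("smbd_audit: ")
    if not sep:
        return None
    # Prefix fields + operation + result; whatever follows is the argument text
    n = len(PREFIX_FIELDS) + 2
    parts = payload.strip().split("|", n)
    if len(parts) < n:
        return None
    rec = dict(zip(PREFIX_FIELDS, parts))
    rec["op"], rec["result"] = parts[n - 2], parts[n - 1]
    arg = parts[n] if len(parts) > n else ""
    rec["args"] = arg.split("|") if arg else []  # rename logs "old|new"
    m = FILE_ID_RE.match(arg) if rec["op"] == "file_id_create" else None
    rec["file_id"] = {"device": int(m[1], 16), "inode": int(m[2], 16)} if m else None
    return rec

def removals(lines):
    """Return (timestamp, session_user, client_ip, op, args) for successful removals."""
    out = []
    for line in lines:
        rec = parse_audit_line(line)
        if rec and rec["op"] in REMOVAL_OPS and rec["result"] == "ok":
            out.append((rec["timestamp"], rec["session_user"], rec["client_ip"],
                        rec["op"], rec["args"]))
    return out

# First line is the record quoted in the post; the other two are constructed samples.
SAMPLE = [
    "Dec 12 17:46:04 server1 smbd_audit: shared|shared|192.168.x.x|matt1|shared|2016/12/12 17:46:04|server1|file_id_create|ok|802:28200da:0",
    "Dec 12 17:47:10 server1 smbd_audit: shared|shared|192.168.x.x|matt1|shared|2016/12/12 17:47:10|server1|unlink|ok|reports/q4.xlsx",
    "Dec 12 17:48:02 server1 smbd_audit: shared|shared|192.168.x.x|matt1|shared|2016/12/12 17:48:02|server1|rename|ok|draft.doc|final.doc",
]

if __name__ == "__main__":
    for row in removals(SAMPLE):
        print(row)
```

A file name that itself contains "|" is split into several arguments by this parser, so such records need manual review.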