vfs_full_audit: Add "full_audit:syslog"

Defaults to true (for compatibility)

With full_audit:syslog=false we DEBUG the messages with level 1.

You can explicitly [en|dis]able this with debug class full_audit:0/1

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/docs-xml/manpages/vfs_full_audit.8.xml b/docs-xml/manpages/vfs_full_audit.8.xml
index 2be26b03c476d6af8ddf6565cf54d2c34d88032c..b7d9be45eaa399f3987d2c91b99557ee72da6643 100644 (file)
--- a/docs-xml/manpages/vfs_full_audit.8.xml
+++ b/docs-xml/manpages/vfs_full_audit.8.xml
@@ -202,6 +202,15 @@
                 </listitem>
                 </varlistentry>
 
+                <varlistentry>
+                <term>full_audit:syslog = true/false</term>
+                <listitem>
+                <para>Log messages to syslog (default) or as a debug level 1
+                message.
+                </para>
+                </listitem>
+                </varlistentry>
+
        </variablelist>
 </refsect1>
 

diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 00af87c53beb084d9e6c08db471f1d7771abaeb1..eee824685806b297ceeeb863d47b5a5b1dc8d2d8 100644 (file)
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -75,6 +75,7 @@ struct vfs_full_audit_private_data {
        struct bitmap *failure_ops;
        int syslog_facility;
        int syslog_priority;
+       bool do_syslog;
 };
 
 #undef DBGC_CLASS
@@ -493,7 +494,6 @@ static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
        char *audit_pre = NULL;
        va_list ap;
        char *op_msg = NULL;
-       int priority;
 
        SMB_VFS_HANDLE_GET_DATA(handle, pd,
                                struct vfs_full_audit_private_data,
@@ -518,17 +518,25 @@ static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
                goto out;
        }
 
-       /*
-        * Specify the facility to interoperate with other syslog callers
-        * (smbd for example).
-        */
-       priority = pd->syslog_priority | pd->syslog_facility;
-
        audit_pre = audit_prefix(talloc_tos(), handle->conn);
-       syslog(priority, "%s|%s|%s|%s\n",
-               audit_pre ? audit_pre : "",
-               audit_opname(op), err_msg, op_msg);
 
+       if (pd->do_syslog) {
+               int priority;
+
+               /*
+                * Specify the facility to interoperate with other syslog
+                * callers (smbd for example).
+                */
+               priority = pd->syslog_priority | pd->syslog_facility;
+
+               syslog(priority, "%s|%s|%s|%s\n",
+                      audit_pre ? audit_pre : "",
+                      audit_opname(op), err_msg, op_msg);
+       } else {
+               DEBUG(1, ("%s|%s|%s|%s\n",
+                         audit_pre ? audit_pre : "",
+                         audit_opname(op), err_msg, op_msg));
+       }
  out:
        TALLOC_FREE(audit_pre);
        TALLOC_FREE(op_msg);
@@ -593,8 +601,13 @@ static int smb_full_audit_connect(vfs_handle_struct *handle,
 
        pd->syslog_priority = audit_syslog_priority(handle);
 
+       pd->do_syslog = lp_parm_bool(SNUM(handle->conn),
+                                    "full_audit", "syslog", true);
+
 #ifdef WITH_SYSLOG
-       openlog("smbd_audit", 0, pd->syslog_facility);
+       if (pd->do_syslog) {
+               openlog("smbd_audit", 0, pd->syslog_facility);
+       }
 #endif
 
        pd->success_ops = init_bitmap(