usually, if/when you enable samba audit module, you will feel significant drop in performance, especially when your share folder simultaneously accessed by many users.
to have full audit logging without performance degradation, you will need a very fast write to log folder/partition. and what is faster than RAM?
so, we mount RAM to be used as our samba logging, put this line into /etc/fstab
now, we tell samba and syslog to write their log to /sambalog:
then, restart samba & syslog:
now, watch /sambalog grows and feel the performance boost.
wait...
what the heck we do logging for if everything's gone on next boot!
ok, let's get back those logs from RAM:
all logs will be zipped back to hdd for safe keep.
-- tips & tricks on computers and gadgets denny on IT ; let's doIT documenting the brain
to have full audit logging without performance degradation, you will need a very fast write to log folder/partition. and what is faster than RAM?
so, we mount RAM to be used as our samba logging, put this line into /etc/fstab
tmpfs /sambalog tmpfs defaults,noexec,nosuid,nodev 1 0
now, we tell samba and syslog to write their log to /sambalog:
# this line into /etc/syslog.conf user.*;user.!warn /sambalog/fullaudit.log #and this line into /etc/samba/smb.conf log file = /sambalog/smbd.log
then, restart samba & syslog:
service smb restart service syslog restart
now, watch /sambalog grows and feel the performance boost.
wait...
what the heck we do logging for if everything's gone on next boot!
ok, let's get back those logs from RAM:
# cat /etc/cron.d/logbak */5 * * * * root zip -ru "/var/log/bak-$(date +%d).zip" /sambalog
all logs will be zipped back to hdd for safe keep.
-- tips & tricks on computers and gadgets denny on IT ; let's doIT documenting the brain
Comments
http://freegame3.com