SMB_TRAFFIC_ANALYZER(8) | System Administration tools | SMB_TRAFFIC_ANALYZER(8) |
NAME
vfs_smb_traffic_analyzer - log Samba VFS read and write operations through a socket to a helper application
SYNOPSIS
vfs objects = smb_traffic_analyzer
DESCRIPTION
This VFS module is part of the samba(7) suite.
The vfs_smb_traffic_analyzer VFS module logs client file operations on a Samba server and sends this data over a socket to a helper program (referred to below as the "Receiver"), which feeds a SQL database. More information on the helper programs can be obtained from the homepage of the project at: http://holger123.wordpress.com/smb-traffic-analyzer/

Since the VFS module depends on a receiver that does something with the data, the module is still evolving. Therefore, the module works with different protocol versions, and the receiver has to be able to decode the protocol that is used.

Protocol version 1 was introduced to Samba on September 25, 2008. It was a very simple protocol, supporting only a small list of VFS operations, and had several drawbacks. Protocol version 2 is an attempt to solve the problems version 1 had while at the same time adding new features. With the release of Samba 4.0.0, the module will run protocol version 2 by default.
PROTOCOL VERSION 1 DOCUMENTATION
vfs_smb_traffic_analyzer protocol version 1 is aware of the following VFS operations:
vfs_smb_traffic_analyzer sends the following data in a fixed format separated by a comma through either an internet or a unix domain socket:
BYTES|USER|DOMAIN|READ/WRITE|SHARE|FILENAME|TIMESTAMP
Description of the records:
This module is stackable.
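The following receiver-side parser is an added example, not code from the Samba project or its helper tools. It assumes each record arrives as one text line with the seven fields in the order shown above; the separator is a parameter, and the table layout, column names and sample records are constructed for illustration.

```python
import sqlite3

COLUMNS = ("nbytes", "username", "domain", "op", "share", "filename", "ts")

def parse_record(line, sep="|"):
    """Parse one record line into a dict; raise ValueError if malformed."""
    line = line.rstrip("\r\n")
    # FILENAME is chosen by the client and may contain the separator, so
    # take five fields from the left and TIMESTAMP from the right.
    head = line.split(sep, 5)
    if len(head) != 6 or sep not in head[5]:
        raise ValueError("record does not have 7 fields")
    filename, ts = head[5].rsplit(sep, 1)
    values = head[:5] + [filename, ts]
    if not (values[0].isascii() and values[0].isdigit()):
        raise ValueError("BYTES is not a non-negative integer")
    if any(ord(ch) < 32 for v in values for ch in v):
        raise ValueError("control character in field")
    values[0] = int(values[0])
    return dict(zip(COLUMNS, values))

def ingest(db, lines, sep="|"):
    """Store valid records with bound parameters; return (stored, rejected)."""
    stored = rejected = 0
    for line in lines:
        try:
            rec = parse_record(line, sep)
        except ValueError:
            rejected += 1
            continue
        # Placeholders keep client-supplied names out of the SQL text.
        db.execute("INSERT INTO traffic VALUES (?, ?, ?, ?, ?, ?, ?)", list(rec.values()))
        stored += 1
    return stored, rejected

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE traffic (nbytes INTEGER, username TEXT, domain TEXT,"
               " op TEXT, share TEXT, filename TEXT, ts TEXT)")
    # Constructed sample records (values and timestamp format are assumptions).
    sample = [
        "4096|alice|EXAMPLE|W|example_share|docs/plan.txt|2008-09-25 12:00:00",
        "512|bob|EXAMPLE|R|example_share|o'brien|notes.txt|2008-09-25 12:00:01",
        "abc|bob|EXAMPLE|R|example_share|x.txt|2008-09-25 12:00:02",
        "truncated|record",
    ]
    counts = ingest(db, sample)
    rows = db.execute("SELECT nbytes, filename FROM traffic ORDER BY nbytes").fetchall()
    return counts, rows
```

Calling demo() stores the two well-formed records, including the file name that contains both a quote and the separator, and rejects the other two.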
DRAWBACKS OF PROTOCOL VERSION 1
Several drawbacks have been seen with protocol version 1 over time.
VERSION 2 OF THE PROTOCOL
Protocol version 2 is an approach to solve the problems introduced with protocol v1. From the user's perspective, the following changes are most prominent among other enhancements:
To enable protocol V2, the protocol_version vfs option has to be used (see OPTIONS).
OPTIONS WITH PROTOCOL V1 AND V2.X
smb_traffic_analyzer:mode = STRING
smb_traffic_analyzer:host = STRING
smb_traffic_analyzer:port = STRING
smb_traffic_analyzer:anonymize_prefix = STRING
smb_traffic_analyzer:total_anonymization = STRING
smb_traffic_analyzer:protocol_version = STRING
EXAMPLES
Running protocol V2 on share "example_share", using an internet socket.
    [example_share]
    path = /data/example
    vfs objects = smb_traffic_analyzer
    smb_traffic_analyzer:host = examplehost
    smb_traffic_analyzer:port = 3491
The module running on share "example_share", using a unix domain socket.
    [example_share]
    path = /data/example
    vfs objects = smb_traffic_analyzer
    smb_traffic_analyzer:mode = unix_domain_socket
The module running on share "example_share", using an internet socket, connecting to host "examplehost" on port 3491.
    [example_share]
    path = /data/example
    vfs objects = smb_traffic_analyzer
    smb_traffic_analyzer:host = examplehost
    smb_traffic_analyzer:port = 3491
The module running on share "example_share", using an internet socket, connecting to host "examplehost" on port 3491, anonymizing user names with the prefix "User".
    [example_share]
    path = /data/example
    vfs objects = smb_traffic_analyzer
    smb_traffic_analyzer:host = examplehost
    smb_traffic_analyzer:port = 3491
    smb_traffic_analyzer:anonymize_prefix = User
VERSION
This man page is correct for version 3.3 of the Samba suite.
AUTHOR
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
The original version of the VFS module and the helper tools were created by Holger Hetterich.
06/20/2018 | Samba 4.2 |