Ref:
man vfs_full_audit
Enable full_audit
[global]
# enable "full_audit"
vfs objects = full_audit
# the log message prefix, the default is "%u|%I"
# full_audit:prefix = %u|%I
# log successful "connect", "disconnect" operations
full_audit:success = connect disconnect
# log all failure operations except "open"
full_audit:failure = all !open
info
- VFS full audit operations are different in different version, even
man vfs_full_auditis not updated - If un-supported operation is set,
allis used
Log level
- Higher log level ▶ More detailed log
To set full_audit log level to 10 (debug)
[global]
log level = full_audit:10
# log level = full_audit:10@/var/log/samba/audit.log
To set all log level to 10 (debug)
[global]
log file = /var/log/samba/log.%m
log level = 10
Now, access Samba from client, Samba will log the debug message
Find the un-supported operations
grep -r "Could not find opname" /var/log/samba/
/var/log/samba/log.user-pc.old: Could not find opname chmod, logging all