<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smb_traffic_analyzer</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="vfs_smb_traffic_analyzer.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>vfs_smb_traffic_analyzer — log Samba VFS read and write operations through a socket to a helper application</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">vfs objects = smb_traffic_analyzer</code></p></div></div><div class="refsect1" lang="en"><a name="id2522906"></a><h2>DESCRIPTION</h2><p>This VFS module is part of the <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p>The <code class="literal">vfs_smb_traffic_analyzer</code> VFS module logs client write and read operations on a Samba server and sends this data over a socket to a helper program, which feeds a SQL database.
More information on the helper programs can be obtained from the homepage of the project at: http://holger123.wordpress.com/smb-traffic-analyzer/</p><p><code class="literal">vfs_smb_traffic_analyzer</code> is currently aware of the following VFS operations:</p><table class="simplelist" border="0" summary="Simple list"><tr><td>write</td></tr><tr><td>pwrite</td></tr><tr><td>read</td></tr><tr><td>pread</td></tr></table><p><code class="literal">vfs_smb_traffic_analyzer</code> sends the following data in a fixed format separated by a comma through either an internet or a unix domain socket:</p><pre class="programlisting">
BYTES|USER|DOMAIN|READ/WRITE|SHARE|FILENAME|TIMESTAMP
</pre><p>Description of the records:</p><div class="itemizedlist"><ul type="disc"><li><p><code class="literal">BYTES</code> - the length in bytes of the VFS operation</p></li><li><p><code class="literal">USER</code> - the user who initiated the operation</p></li><li><p><code class="literal">DOMAIN</code> - the domain of the user</p></li><li><p><code class="literal">READ/WRITE</code> - either "W" for a write operation or "R" for read</p></li><li><p><code class="literal">SHARE</code> - the name of the share on which the VFS operation occurred</p></li><li><p><code class="literal">FILENAME</code> - the name of the file that was used by the VFS operation</p></li><li><p><code class="literal">TIMESTAMP</code> - a timestamp, formatted as "yyyy-mm-dd hh-mm-ss.ms" indicating when the VFS operation occurred</p></li></ul></div><p> </p><p>This module is stackable.</p></div><div class="refsect1" lang="en"><a name="id2483552"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">smb_traffic_analyzer:mode = STRING</span></dt><dd><p>If STRING matches "unix_domain_socket", the module will use a unix domain socket located at /var/tmp/stadsocket. If STRING contains a different string or is not defined, the module will use an internet domain socket for
data transfer.</p></dd><dt><span class="term">smb_traffic_analyzer:host = STRING</span></dt><dd><p>The module will send the data to the system named with the hostname STRING.</p></dd><dt><span class="term">smb_traffic_analyzer:port = STRING</span></dt><dd><p>The module will send the data using the TCP port given in STRING.</p></dd><dt><span class="term">smb_traffic_analyzer:anonymize_prefix = STRING</span></dt><dd><p>The module will replace the user names with a prefix given by STRING and a simple hash number.</p></dd><dt><span class="term">smb_traffic_analyzer:total_anonymization = STRING</span></dt><dd><p>If STRING matches 'yes', the module will replace any user name with the string given by the option smb_traffic_analyzer:anonymize_prefix, without generating an additional hash number. This means that any transfer data will be mapped to a single user, leading to a total anonymization of user related data.</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id2483644"></a><h2>EXAMPLES</h2><p>The module running on share "example_share", using a unix domain socket</p><pre class="programlisting">
<em class="parameter"><code>[example_share]</code></em>
<a class="link" href="smb.conf.5.html#PATH" target="_top">path = /data/example</a>
<a class="link" href="smb.conf.5.html#VFSOBJECTS" target="_top">vfs objects = smb_traffic_analyzer</a>
<a class="link" href="smb.conf.5.html#SMB_TRAFFIC_ANALYZER:MODE" target="_top">smb_traffic_analyzer:mode = unix_domain_socket</a>
</pre><p>The module running on share "example_share", using an internet socket, connecting to host "examplehost" on port 3491.</p><pre class="programlisting">
<em class="parameter"><code>[example_share]</code></em>
<a class="link" href="smb.conf.5.html#PATH" target="_top">path = /data/example</a>
<a class="link" href="smb.conf.5.html#VFSOBJECTS" target="_top">vfs objects = smb_traffic_analyzer</a>
<a class="link" 
href="smb.conf.5.html#SMB_TRAFFIC_ANALYZER:HOST" target="_top">smb_traffic_analyzer:host = examplehost</a>
<a class="link" href="smb.conf.5.html#SMB_TRAFFIC_ANALYZER:PORT" target="_top">smb_traffic_analyzer:port = 3491</a>
</pre><p>The module running on share "example_share", using an internet socket, connecting to host "examplehost" on port 3491, anonymizing user names with the prefix "User".</p><pre class="programlisting">
<em class="parameter"><code>[example_share]</code></em>
<a class="link" href="smb.conf.5.html#PATH" target="_top">path = /data/example</a>
<a class="link" href="smb.conf.5.html#VFSOBJECTS" target="_top">vfs objects = smb_traffic_analyzer</a>
<a class="link" href="smb.conf.5.html#SMB_TRAFFIC_ANALYZER:HOST" target="_top">smb_traffic_analyzer:host = examplehost</a>
<a class="link" href="smb.conf.5.html#SMB_TRAFFIC_ANALYZER:PORT" target="_top">smb_traffic_analyzer:port = 3491</a>
<a class="link" href="smb.conf.5.html#SMB_TRAFFIC_ANALYZER:ANONYMIZE_PREFIX" target="_top">smb_traffic_analyzer:anonymize_prefix = User</a>
</pre></div><div class="refsect1" lang="en"><a name="id2481591"></a><h2>VERSION</h2><p>This man page is correct for version 3.3 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id2481602"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.</p><p>The original version of the VFS module and the helper tools were created by Holger Hetterich.</p></div></div></body></html>
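Added example, not part of the Samba man page or the project's helper tools: a receiver-side parser for the record format given under DESCRIPTION, written in Python. It assumes the comma separator the text states, that only FILENAME may itself contain commas, and that ':' may also separate the time parts; the function names, table layout and sample records are constructed for illustration. Because FILENAME is chosen by clients, it is split off from the right-hand end and written to the database through bound parameters.

```python
import re
import sqlite3

# Timestamp as the page gives it ("yyyy-mm-dd hh-mm-ss.ms"); ':' between the
# time parts is also accepted, which is an assumption of this example.
TS_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}[-:]\d{2}[-:]\d{2}\.\d{1,3}")

def parse_record(line):
    """Split one record into its seven fields, or raise ValueError."""
    head = line.rstrip("\r\n").split(",", 5)   # first five fields from the left
    if len(head) != 6 or "," not in head[5]:
        raise ValueError("too few fields")
    # FILENAME is client-controlled and may contain commas, so TIMESTAMP is
    # taken from the right-hand end of the remainder.
    filename, timestamp = head[5].rsplit(",", 1)
    nbytes, user, domain, op, share = head[:5]
    if not (nbytes.isascii() and nbytes.isdigit()):
        raise ValueError("BYTES is not a number")
    if op not in ("R", "W"):
        raise ValueError("READ/WRITE must be R or W")
    if not TS_RE.fullmatch(timestamp):
        raise ValueError("bad TIMESTAMP")
    return (int(nbytes), user, domain, op, share, filename, timestamp)

def store(db, lines):
    """Insert valid records with bound parameters; return (stored, rejected)."""
    db.execute("CREATE TABLE IF NOT EXISTS traffic (bytes INTEGER, user TEXT,"
               " domain TEXT, op TEXT, share TEXT, filename TEXT, ts TEXT)")
    stored = rejected = 0
    for line in lines:
        try:
            row = parse_record(line)
        except ValueError:
            rejected += 1
            continue
        db.execute("INSERT INTO traffic VALUES (?,?,?,?,?,?,?)", row)
        stored += 1
    return stored, rejected

# Constructed sample records, not captured from a real server.
SAMPLE = [
    "4096,alice,EXAMPLE,W,example_share,report.txt,2009-03-01 12-30-45.123",
    "512,User1,EXAMPLE,R,example_share,q3,final' draft.txt,2009-03-01 12-31-02.007",
    "12,alice,EXAMPLE,X,example_share,notes.txt,2009-03-01 12-31-05.000",
]

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(store(db, SAMPLE), db.execute("SELECT bytes, op, filename FROM traffic").fetchall())
```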