...
...
...
...
...
Purpose
This document detail how to configure detailed auditing on CIFS shares, you will be able to audit every operation done by each user connecting to a certain share towards each file and directory starting from opening, creating, modifying, deleting and much more. That will help you in several areas, such as monitoring the activity of each user/application on the storage, detecting any suspicious activity and which user/application caused a certain data loss for example.
Our approach for such level of granular auditing is using Stackable VFS (Virtual File System) modules that samba passes all its request to access the file system to it
Steps
- 1. Configuring Samba:
...