From 3ad9d108a7404d625454efda0d000e4caa543e7a Mon Sep 17 00:00:00 2001 From: tprouty Date: Wed, 26 Aug 2009 01:38:14 +0000 Subject: s3: Allow full_audit to play nice with smbd if it's using syslog Explictly pass the facility from both smbd and full_audit to syslog. Really the only major change is to not call openlog() in full_audit if WITH_SYSLOG is defined, which implies that smbd is already using syslog. This allows full audit to piggy-back on the same ident as smbd, while still differentiating the logging via the facility. --- source3/modules/vfs_full_audit.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'source3/modules/vfs_full_audit.c') diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index 667db7a4bd..0f6de79bcf 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -510,6 +510,7 @@ static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle, char *audit_pre = NULL; va_list ap; char *op_msg = NULL; + int priority; if (success && (!log_success(handle, op))) goto out; @@ -530,8 +531,15 @@ static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle, goto out; } + /* + * Specify the facility to interoperate with other syslog callers + * (smbd for example). + */ + priority = audit_syslog_priority(handle) | + audit_syslog_facility(handle); + audit_pre = audit_prefix(talloc_tos(), handle->conn); - syslog(audit_syslog_priority(handle), "%s|%s|%s|%s\n", + syslog(priority, "%s|%s|%s|%s\n", audit_pre ? audit_pre : "", audit_opname(op), err_msg, op_msg); @@ -606,7 +614,9 @@ static int smb_full_audit_connect(vfs_handle_struct *handle, } ZERO_STRUCTP(pd); +#ifndef WITH_SYSLOG openlog("smbd_audit", 0, audit_syslog_facility(handle)); +#endif init_bitmap(&pd->success_ops, lp_parm_string_list(SNUM(handle->conn), "full_audit", "success", -- cgit