SMB_TRAFFIC_ANALYZER(8)    System Administration tools    SMB_TRAFFIC_ANALYZER(8)

vfs_smb_traffic_analyzer - log Samba VFS read and write operations
through a socket to a helper application

vfs objects = smb_traffic_analyzer

This VFS module is part of the samba(7) suite.

The vfs_smb_traffic_analyzer VFS module logs client write and read
operations on a Samba server and sends this data over a socket to a
helper program, which feeds a SQL database. More information on the
helper programs can be obtained from the homepage of the project at:
http://holger123.wordpress.com/smb-traffic-analyzer/

vfs_smb_traffic_analyzer currently is aware of the following VFS
operations:
    write
    pwrite
    read
    pread

vfs_smb_traffic_analyzer sends the following data in a fixed format
separated by a comma through either an internet or a unix domain
socket:

    BYTES|USER|DOMAIN|READ/WRITE|SHARE|FILENAME|TIMESTAMP

Description of the records:

· BYTES - the length in bytes of the VFS operation

· USER - the user who initiated the operation

· DOMAIN - the domain of the user

· READ/WRITE - either "W" for a write operation or "R" for read

· SHARE - the name of the share on which the VFS operation occurred

· FILENAME - the name of the file that was used by the VFS operation

· TIMESTAMP - a timestamp, formatted as "yyyy-mm-dd hh-mm-ss.ms"
  indicating when the VFS operation occurred

This module is stackable.

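An added example, not part of the Samba man page or the project's helper tools: a receiver-side parser for the record layout described above that validates each field and stores it with bound SQL parameters, since FILENAME, USER and SHARE are client-influenced text headed for a database. It assumes the "|"-separated, unquoted layout exactly as printed above (the separator is a parameter); the function names, the table name and the sample records are constructed for illustration.

```python
import re
import sqlite3

FIELDS = ("bytes", "user", "domain", "op", "share", "filename", "timestamp")
# Timestamp layout as given on this page: "yyyy-mm-dd hh-mm-ss.ms"
TS_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}-\d{2}-\d{2}\.\d{1,3}")

def parse_record(line, sep="|"):
    """Return the seven documented fields as a dict, or raise ValueError.

    FILENAME is chosen by the client and may contain the separator, so the
    five leading fields are split from the left and TIMESTAMP from the right.
    """
    head = line.rstrip("\r\n").split(sep, 5)
    if len(head) != 6:
        raise ValueError("too few fields")
    filename, found, timestamp = head[5].rpartition(sep)
    if not found or not filename:
        raise ValueError("missing FILENAME or TIMESTAMP")
    size, user, domain, op, share = head[:5]
    if not re.fullmatch(r"[0-9]+", size):
        raise ValueError("BYTES is not a number")
    if op not in ("R", "W"):
        raise ValueError("READ/WRITE must be R or W")
    if not TS_RE.fullmatch(timestamp):
        raise ValueError("bad TIMESTAMP")
    return dict(zip(FIELDS, (int(size), user, domain, op, share, filename, timestamp)))

def ingest(lines, sep="|"):
    """Store valid records in an in-memory table; return (db, rejected count)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE traffic (bytes INTEGER, user TEXT, domain TEXT,"
               " op TEXT, share TEXT, filename TEXT, timestamp TEXT)")
    rejected = 0
    for line in lines:
        try:
            rec = parse_record(line, sep)
        except ValueError:
            rejected += 1
            continue
        # Bound parameters keep client-chosen names out of the SQL text.
        db.execute("INSERT INTO traffic VALUES (?,?,?,?,?,?,?)",
                   tuple(rec[f] for f in FIELDS))
    return db, rejected

# Constructed sample records (hypothetical users and files).
SAMPLE = [
    "4096|alice|EXAMPLE|W|example_share|report.doc|2011-08-02 10-15-30.123",
    "512|bob|EXAMPLE|R|example_share|it's|final.txt|2011-08-02 10-15-31.7",
    "lots|bob|EXAMPLE|R|example_share|x|2011-08-02 10-15-32.000",
]
```

A separator inside USER, DOMAIN or SHARE cannot be disambiguated in an unquoted layout; such a record either fails validation or is stored with shifted fields.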
smb_traffic_analyzer:mode = STRING
    If STRING matches "unix_domain_socket", the module will use a
    unix domain socket located at /var/tmp/stadsocket. If STRING
    contains a different string or is not defined, the module will use
    an internet domain socket for data transfer.

smb_traffic_analyzer:host = STRING
    The module will send the data to the system named with the hostname
    STRING.

smb_traffic_analyzer:port = STRING
    The module will send the data using the TCP port given in STRING.

smb_traffic_analyzer:anonymize_prefix = STRING
    The module will replace the user names with a prefix given by
    STRING and a simple hash number.

smb_traffic_analyzer:total_anonymization = STRING
    If STRING matches "yes", the module will replace any user name
    with the string given by the option
    smb_traffic_analyzer:anonymize_prefix, without generating an
    additional hash number. This means that any transfer data will be
    mapped to a single user, leading to a total anonymization of user
    related data.

The module running on share "example_share", using a unix domain socket

    [example_share]
    path = /data/example
    vfs objects = smb_traffic_analyzer
    smb_traffic_analyzer:mode = unix_domain_socket

The module running on share "example_share", using an internet socket,
connecting to host "examplehost" on port 3491.

    [example_share]
    path = /data/example
    vfs objects = smb_traffic_analyzer
    smb_traffic_analyzer:host = examplehost
    smb_traffic_analyzer:port = 3491

The module running on share "example_share", using an internet socket,
connecting to host "examplehost" on port 3491, anonymizing user names
with the prefix "User".

    [example_share]
    path = /data/example
    vfs objects = smb_traffic_analyzer
    smb_traffic_analyzer:host = examplehost
    smb_traffic_analyzer:port = 3491
    smb_traffic_analyzer:anonymize_prefix = User

This man page is correct for version 3.3 of the Samba suite.

The original Samba software and related utilities were created by
Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project similar to the way the Linux kernel is developed.

The original version of the VFS module and the helper tools were
created by Holger Hetterich.

Samba 3.5                    08/02/2011                    SMB_TRAFFIC_ANALYZER(8)