full_audit SAMBA module - how to log "file creation"?

milancesal
I mean just the file "creation" which is the "first write" of a file.
Here is my full_audit config:

Code:
full_audit:prefix = %u|%m|%I|%S
full_audit:success = mkdir rmdir link unlink rename
full_audit:failure = none
full_audit:facility = local7
full_audit:priority = notice


mkdir and rmdir work fine - create and delete of directories
link - this is in the documentation, but doesn't log anything
unlink - this logs file delete. works fine.
rename - renaming directories and files. works fine too.

write - no log entry just like link. (outdated documentation)
open - This logs every time I open a file.

pwrite - This does log file writes, but all writes, including modifications and appends. Not just the first write. You just copy one file into the share and you get lots of pwrite log entries. One log entry for every write of a block.

There are so many other operations in the documentations. Which one should I include?

It doesn't have to actually mean 'creation', but something else as long as it logs filename with path and leaves only 1 log entry when the file gets created.
 
milancesal
Not a perfect one, but I found a solution.

Include 'open' operation.

It logs 'open' actions for files and folders. Yes, including folders. And it indicates if it was for 'w' or 'r'. When browsing with Windows Explorer, it logs a lot of unnecessary entries - opening current location, opening current folder, opening parent folder and so on.

What you need is 'open' actions with 'w' only. But it also logs openings for modify or append as well. But at least, this doesn't log every block write like 'pwrite'. Not the best, but close. Only 1 entry for file 'creation' is just not achievable with this module. You can filter out unwanted log entries in syslog config.

I might just write a vfs module for myself.

If the FreeNAS team can write a module for this purpose and somehow put it all together nicely, and call it a new feature - "auditing", it would be really great!

Refer to this email thread from samba.org:
https://lists.samba.org/archive/samba/2010-June/156527.html
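A small post-processing filter over full_audit syslog lines, added here as an example and not code from the thread or from Samba: it keeps only successful write-opens (`open|ok|w|path`, the layout the prefix above produces) and reports the first one per share and path, which is the closest you get to a single "creation" entry without a custom vfs module. The log lines, user names, hosts and paths are constructed sample data.

```python
import re

# Constructed sample lines in the format produced by the thread's config
# (prefix %u|%m|%I|%S, then operation|result|args). Not real log data.
# The "fail" line would only appear if full_audit:failure were enabled.
SAMPLE_LOG = """\
Nov  1 10:00:01 freenas smbd_audit: alice|WS01|192.0.2.10|share|open|ok|r|/mnt/tank/share
Nov  1 10:00:02 freenas smbd_audit: alice|WS01|192.0.2.10|share|open|ok|w|/mnt/tank/share/report.docx
Nov  1 10:00:02 freenas smbd_audit: alice|WS01|192.0.2.10|share|pwrite|ok|/mnt/tank/share/report.docx
Nov  1 10:00:03 freenas smbd_audit: alice|WS01|192.0.2.10|share|open|ok|w|/mnt/tank/share/report.docx
Nov  1 10:00:05 freenas smbd_audit: bob|WS02|192.0.2.11|share|open|ok|r|/mnt/tank/share/report.docx
Nov  1 10:00:06 freenas smbd_audit: bob|WS02|192.0.2.11|share|unlink|ok|/mnt/tank/share/old.tmp
Nov  1 10:00:07 freenas smbd_audit: bob|WS02|192.0.2.11|share|open|fail|w|/mnt/tank/share/denied.txt
"""

# prefix fields, then op and result; everything after is operation-specific args
LINE_RE = re.compile(
    r"smbd_audit: (?P<user>[^|]*)\|(?P<machine>[^|]*)\|(?P<ip>[^|]*)\|(?P<share>[^|]*)"
    r"\|(?P<op>[^|]*)\|(?P<result>[^|]*)(?:\|(?P<args>.*))?$"
)

def parse_audit_line(line):
    """Return a dict of fields for one full_audit syslog line, or None if it is not one."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def write_opens(lines):
    """Yield (user, ip, share, path) for every successful open with write intent."""
    for line in lines:
        rec = parse_audit_line(line)
        if not rec or rec["op"] != "open" or rec["result"] != "ok" or not rec["args"]:
            continue
        mode, _, path = rec["args"].partition("|")  # path may itself contain '|'
        if mode == "w":
            yield rec["user"], rec["ip"], rec["share"], path

def first_write_opens(lines):
    """Collapse repeated write-opens of the same share/path to the first one seen.
    This cannot tell creation from modify/append; it only removes the repeats."""
    seen, out = set(), []
    for user, ip, share, path in write_opens(lines):
        if (share, path) not in seen:
            seen.add((share, path))
            out.append((user, ip, share, path))
    return out

if __name__ == "__main__":
    for entry in first_write_opens(SAMPLE_LOG.splitlines()):
        print("first write-open:", entry)
```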