From 221afae9ae4c8b168399565e7f9f0970a3471afb Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Thu, 7 Aug 2014 10:44:01 +0000
Subject: vfs_full_audit: Add "full_audit:syslog"

Defaults to true (for compatibility)

With full_audit:syslog=false we DEBUG the messages with level 1.

You can explicitly [en|dis]able this with debug class full_audit:0/1

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---
 docs-xml/manpages/vfs_full_audit.8.xml |  9 +++++++++
 source3/modules/vfs_full_audit.c       | 35 +++++++++++++++++++++++-----------
 2 files changed, 33 insertions(+), 11 deletions(-)

diff --git a/docs-xml/manpages/vfs_full_audit.8.xml b/docs-xml/manpages/vfs_full_audit.8.xml
index 2be26b03c4..b7d9be45ea 100644
--- a/docs-xml/manpages/vfs_full_audit.8.xml
+++ b/docs-xml/manpages/vfs_full_audit.8.xml
@@ -202,6 +202,15 @@
                 </listitem>
                 </varlistentry>
 
+                <varlistentry>
+                <term>full_audit:syslog = true/false</term>
+                <listitem>
+                <para>Log messages to syslog (default) or as a debug level 1
+                message.
+                </para>
+                </listitem>
+                </varlistentry>
+
 	</variablelist>
 </refsect1>
 
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 00af87c53b..eee8246858 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -75,6 +75,7 @@ struct vfs_full_audit_private_data {
 	struct bitmap *failure_ops;
 	int syslog_facility;
 	int syslog_priority;
+	bool do_syslog;
 };
 
 #undef DBGC_CLASS
@@ -493,7 +494,6 @@ static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
 	char *audit_pre = NULL;
 	va_list ap;
 	char *op_msg = NULL;
-	int priority;
 
 	SMB_VFS_HANDLE_GET_DATA(handle, pd,
 				struct vfs_full_audit_private_data,
@@ -518,17 +518,25 @@ static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
 		goto out;
 	}
 
-	/*
-	 * Specify the facility to interoperate with other syslog callers
-	 * (smbd for example).
-	 */
-	priority = pd->syslog_priority | pd->syslog_facility;
-
 	audit_pre = audit_prefix(talloc_tos(), handle->conn);
-	syslog(priority, "%s|%s|%s|%s\n",
-		audit_pre ? audit_pre : "",
-		audit_opname(op), err_msg, op_msg);
 
+	if (pd->do_syslog) {
+		int priority;
+
+		/*
+		 * Specify the facility to interoperate with other syslog
+		 * callers (smbd for example).
+		 */
+		priority = pd->syslog_priority | pd->syslog_facility;
+
+		syslog(priority, "%s|%s|%s|%s\n",
+		       audit_pre ? audit_pre : "",
+		       audit_opname(op), err_msg, op_msg);
+	} else {
+		DEBUG(1, ("%s|%s|%s|%s\n",
+			  audit_pre ? audit_pre : "",
+			  audit_opname(op), err_msg, op_msg));
+	}
  out:
 	TALLOC_FREE(audit_pre);
 	TALLOC_FREE(op_msg);
@@ -593,8 +601,13 @@ static int smb_full_audit_connect(vfs_handle_struct *handle,
 
 	pd->syslog_priority = audit_syslog_priority(handle);
 
+	pd->do_syslog = lp_parm_bool(SNUM(handle->conn),
+				     "full_audit", "syslog", true);
+
 #ifdef WITH_SYSLOG
-	openlog("smbd_audit", 0, pd->syslog_facility);
+	if (pd->do_syslog) {
+		openlog("smbd_audit", 0, pd->syslog_facility);
+	}
 #endif
 
 	pd->success_ops = init_bitmap(
-- 
cgit