summaryrefslogtreecommitdiff
path: root/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html
diff options
context:
space:
mode:
Diffstat (limited to 'docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html')
-rw-r--r--docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html118
1 files changed, 0 insertions, 118 deletions
diff --git a/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html b/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html
deleted file mode 100644
index 0002cc6a00..0000000000
--- a/docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html
+++ /dev/null
@@ -1,118 +0,0 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smb_traffic_analyzer</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" title="smb_traffic_analyzer"><a name="vfs_smb_traffic_analyzer.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>vfs_smb_traffic_analyzer &#8212; log Samba VFS read and write operations through a socket
- to a helper application</p></div><div class="refsynopsisdiv" title="Synopsis"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">vfs objects = smb_traffic_analyzer</code></p></div></div><div class="refsect1" title="DESCRIPTION"><a name="id266337"></a><h2>DESCRIPTION</h2><p>This VFS module is part of the
- <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p>The <code class="literal">vfs_smb_traffic_analyzer</code> VFS module logs
- client file operations on a Samba server and sends this data
- over a socket to a helper program (in the following the "Receiver"),
- which feeds a SQL database. More
- information on the helper programs can be obtained from the
- homepage of the project at:
- http://holger123.wordpress.com/smb-traffic-analyzer/
- Since the VFS module depends on a receiver that is doing something with
- the data, it is evolving in it's development. Therefore, the module
- works with different protocol versions, and the receiver has to be able
- to decode the protocol that is used. The protocol version 1 was
- introduced to Samba at September 25, 2008. It was a very simple
- protocol, supporting only a small list of VFS operations, and had
- several drawbacks. The protocol version 2 is a try to solve the
- problems version 1 had while at the same time adding new features.
- With the release of Samba 3.6.0, the module will run protocol version 2
- by default.
- </p></div><div class="refsect1" title="Protocol version 1 documentation"><a name="id266829"></a><h2>Protocol version 1 documentation</h2><p><code class="literal">vfs_smb_traffic_analyzer</code> protocol version 1 is aware
- of the following VFS operations:</p><table border="0" summary="Simple list" class="simplelist"><tr><td>write</td></tr><tr><td>pwrite</td></tr><tr><td>read</td></tr><tr><td>pread</td></tr></table><p><code class="literal">vfs_smb_traffic_analyzer</code> sends the following data
- in a fixed format separated by a comma through either an internet or a
- unix domain socket:</p><pre class="programlisting">
- BYTES|USER|DOMAIN|READ/WRITE|SHARE|FILENAME|TIMESTAMP
- </pre><p>Description of the records:
-
- </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="literal">BYTES</code> - the length in bytes of the VFS operation</p></li><li class="listitem"><p><code class="literal">USER</code> - the user who initiated the operation</p></li><li class="listitem"><p><code class="literal">DOMAIN</code> - the domain of the user</p></li><li class="listitem"><p><code class="literal">READ/WRITE</code> - either "W" for a write operation or "R" for read</p></li><li class="listitem"><p><code class="literal">SHARE</code> - the name of the share on which the VFS operation occurred</p></li><li class="listitem"><p><code class="literal">FILENAME</code> - the name of the file that was used by the VFS operation</p></li><li class="listitem"><p><code class="literal">TIMESTAMP</code> - a timestamp, formatted as "yyyy-mm-dd hh-mm-ss.ms" indicating when the VFS operation occurred</p></li><li class="listitem"><p><code class="literal">IP</code> - The IP Address (v4 or v6) of the client machine that initiated the VFS operation.</p></li></ul></div><p>
-
- </p><p>This module is stackable.</p></div><div class="refsect1" title="Drawbacks of protocol version 1"><a name="id265760"></a><h2>Drawbacks of protocol version 1</h2><p>Several drawbacks have been seen with protocol version 1 over time.</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
- <code class="literal">Problematic parsing - </code>
- Protocol version 1 uses hyphen and comma to seperate blocks of data. Once there is a
- filename with a hyphen, you will run into problems because the receiver decodes the
- data in a wrong way.
- </p></li><li class="listitem"><p>
- <code class="literal">Insecure network transfer - </code>
- Protocol version 1 sends all it's data as plaintext over the network.
- </p></li><li class="listitem"><p>
- <code class="literal">Limited set of supported VFS operations - </code>
- Protocol version 1 supports only four VFS operations.
- </p></li><li class="listitem"><p>
- <code class="literal">No subreleases of the protocol - </code>
- Protocol version 1 is fixed on it's version, making it unable to introduce new
- features or bugfixes through compatible sub-releases.
- </p></li></ul></div></div><div class="refsect1" title="Version 2 of the protocol"><a name="id265826"></a><h2>Version 2 of the protocol</h2><p>Protocol version 2 is an approach to solve the problems introduced with protcol v1.
- From the users perspective, the following changes are most prominent among other enhancements:
- </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
- The data from the module may be send encrypted, with a key stored in secrets.tdb. The
- Receiver then has to use the same key. The module does AES block encryption over the
- data to send.
- </p></li><li class="listitem"><p>
- The module now can identify itself against the receiver with a sub-release number, where
- the receiver may run with a different sub-release number than the module. However, as
- long as both run on the V2.x protocol, the receiver will not crash, even if the module
- uses features only implemented in the newer subrelease. If the module uses
- a new feature from a newer subrelease, and the receiver runs an older protocol, it is just
- ignoring the functionality. Of course it is best to have both the receiver and the module
- running the same subrelease of the protocol.
- </p></li><li class="listitem"><p>
- The parsing problems of protocol V1 can no longer happen, because V2 is marshalling the
- data packages in a proper way.
- </p></li><li class="listitem"><p>
- The module now potientially has the ability to create data on every VFS function. As of
- protocol V2.0, there is support for 8 VFS functions, namely write,read,pread,pwrite,
- rename,chdir,mkdir and rmdir. Supporting more VFS functions is one of the targets for the
- upcoming sub-releases.
- </p></li></ul></div><p>
- To enable protocol V2, the protocol_version vfs option has to be used (see OPTIONS).
- </p></div><div class="refsect1" title="OPTIONS with protocol V1 and V2.x"><a name="id265881"></a><h2>OPTIONS with protocol V1 and V2.x</h2><div class="variablelist"><dl><dt><span class="term">smb_traffic_analyzer:mode = STRING</span></dt><dd><p>If STRING matches to "unix_domain_socket", the module will
- use a unix domain socket located at /var/tmp/stadsocket, if
- STRING contains an different string or is not defined, the module will
- use an internet domain socket for data transfer.</p></dd><dt><span class="term">smb_traffic_analyzer:host = STRING</span></dt><dd><p>The module will send the data to the system named with
- the hostname STRING.</p></dd><dt><span class="term">smb_traffic_analyzer:port = STRING</span></dt><dd><p>The module will send the data using the TCP port given
- in STRING.
- </p></dd><dt><span class="term">smb_traffic_analyzer:anonymize_prefix = STRING</span></dt><dd><p>The module will replace the user names with a prefix
- given by STRING and a simple hash number. In version 2.x
- of the protocol, the users SID will also be anonymized.
- </p></dd><dt><span class="term">smb_traffic_analyzer:total_anonymization = STRING</span></dt><dd><p>If STRING matches to 'yes', the module will replace
- any user name with the string given by the option
- smb_traffic_analyzer:anonymize_prefix, without generating
- an additional hash number. This means that any transfer data
- will be mapped to a single user, leading to a total
- anonymization of user related data. In version 2.x of the
- protocol, the users SID will also be anonymized.</p></dd><dt><span class="term">smb_traffic_analyzer:protocol_version = STRING</span></dt><dd><p>If STRING matches to V1, the module will use version 1 of the
- protocol. If STRING is not given, the module will use version 2 of the
- protocol, which is the default.
- </p></dd></dl></div></div><div class="refsect1" title="EXAMPLES"><a name="id265980"></a><h2>EXAMPLES</h2><p>Running protocol V2 on share "example_share", using an internet socket.</p><pre class="programlisting">
- <em class="parameter"><code>[example_share]</code></em>
- <a class="link" href="smb.conf.5.html#PATH" target="_top">path = /data/example</a>
- <a class="link" href="smb.conf.5.html#VFS_OBJECTS" target="_top">vfs_objects = smb_traffic_analyzer</a>
- <a class="link" href="smb.conf.5.html#SMB_TRAFFIC_ANALYZER:HOST" target="_top">smb_traffic_analyzer:host = examplehost</a>
- <a class="link" href="smb.conf.5.html#SMB_TRAFFIC_ANALYZER:PORT" target="_top">smb_traffic_analyzer:port = 3491</a>
- </pre><p>The module running on share "example_share", using a unix domain socket</p><pre class="programlisting">
- <em class="parameter"><code>[example_share]</code></em>
- <a class="link" href="smb.conf.5.html#PATH" target="_top">path = /data/example</a>
- <a class="link" href="smb.conf.5.html#VFSOBJECTS" target="_top">vfs objects = smb_traffic_analyzer</a>
- <a class="link" href="smb.conf.5.html#SMB_TRAFFIC_ANALYZER:MODE" target="_top">smb_traffic_analyzer:mode = unix_domain_socket</a>
- </pre><p>The module running on share "example_share", using an internet socket,
- connecting to host "examplehost" on port 3491.</p><pre class="programlisting">
- <em class="parameter"><code>[example_share]</code></em>
- <a class="link" href="smb.conf.5.html#PATH" target="_top">path = /data/example</a>
- <a class="link" href="smb.conf.5.html#VFSOBJECTS" target="_top">vfs objects = smb_traffic_analyzer</a>
- <a class="link" href="smb.conf.5.html#SMB_TRAFFIC_ANALYZER:HOST" target="_top">smb_traffic_analyzer:host = examplehost</a>
- <a class="link" href="smb.conf.5.html#SMB_TRAFFIC_ANALYZER:PORT" target="_top">smb_traffic_analyzer:port = 3491</a>
- </pre><p>The module running on share "example_share", using an internet socket,
- connecting to host "examplehost" on port 3491, anonymizing user names with
- the prefix "User".</p><pre class="programlisting">
- <em class="parameter"><code>[example_share]</code></em>
- <a class="link" href="smb.conf.5.html#PATH" target="_top">path = /data/example</a>
- <a class="link" href="smb.conf.5.html#VFSOBJECTS" target="_top">vfs objects = smb_traffic_analyzer</a>
- <a class="link" href="smb.conf.5.html#SMB_TRAFFIC_ANALYZER:HOST" target="_top">smb_traffic_analyzer:host = examplehost</a>
- <a class="link" href="smb.conf.5.html#SMB_TRAFFIC_ANALYZER:PORT" target="_top">smb_traffic_analyzer:port = 3491</a>
- <a class="link" href="smb.conf.5.html#SMB_TRAFFIC_ANALYZER:ANONYMIZE_PREFIX" target="_top">smb_traffic_analyzer:anonymize_prefix = User</a>
- </pre></div><div class="refsect1" title="VERSION"><a name="id307321"></a><h2>VERSION</h2><p>This man page is correct for version 3.3 of the Samba suite.
- </p></div><div class="refsect1" title="AUTHOR"><a name="id307331"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
- were created by Andrew Tridgell. Samba is now developed
- by the Samba Team as an Open Source project similar
- to the way the Linux kernel is developed.</p><p>The original version of the VFS module and the
- helper tools were created by Holger Hetterich.</p></div></div></body></html>
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-01 13:06:02 +0000