Alright, I am unable to locate the rule set I was interested in. I'll consult with my co-worker tomorrow and pull it out for you then.<br><br>Dan Kulinski <br><br><div class="gmail_quote">On Sun, Jan 8, 2012 at 12:06 PM, Dan Kulinski <span dir="ltr"><<a href="mailto:daniel@kulinski.net">daniel@kulinski.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I am pretty sure we have it monitoring the whole filesystem. After lunch I'll pull the rules. As for overhead, we don't see much overhead and this is a pretty high use CIFS server. Of course I don't have hard numbers to back this up just my gut feeling.<span class="HOEnZb"><font color="#888888"><br>
<br>Dan Kulinski <br></font></span><div class="HOEnZb"><div class="h5"><br><div class="gmail_quote">On Sun, Jan 8, 2012 at 12:05 PM, David L. Willson <span dir="ltr"><<a href="mailto:DLWillson@thegeek.nu" target="_blank">DLWillson@thegeek.nu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div style="font-size:12pt;font-family:Times New Roman">Any idea the overhead involved? I have to do the auditing client-side on 12+ machines, because the NFS "server" isn't a standard box.<span><br><br>
And of course, some of the clients that must be audited, are production or mission-critical.<br><br>And, I haven't read enough to say for sure, but it seems like auditd only wants to watch specific files, rather than all access in a whole file-system. Is that so?<div>
<br><br><span name="x"></span>David L. Willson<br>Trainer, Engineer, Enthusiast<br>RHCE MCT MCSE Network+ A+ Linux+ LPIC-1 NovellCLA UbuntuCP<br>tel://720.333.LANS<br>Freedom is better when you earn it. Learn Linux.<span name="x"></span><br>
</div></span><br><hr><blockquote style="padding-left:5px;font-size:12pt;font-style:normal;margin-left:5px;font-family:Helvetica,Arial,sans-serif;text-decoration:none;font-weight:normal;border-left:2px solid rgb(16,16,255)">
<div>We use auditd to watch a system we export via CIFS. Files kept disappearing and we had to be able to track it. Turns out it was a user with a super sensitive mouse dragging folders to other folders. You just need to setup rules and you will be able to query for file accesses on that mount. <br>
<br>Dan Kulinski <br>
<br></div>_______________________________________________<br>clue mailing list: <a href="mailto:clue@cluedenver.org" target="_blank">clue@cluedenver.org</a><br>For information, account preferences, or to unsubscribe see:<br>
<a href="http://cluedenver.org/mailman/listinfo/clue" target="_blank">http://cluedenver.org/mailman/listinfo/clue</a></blockquote><br></div></div><br>_______________________________________________<br>
clue mailing list: <a href="mailto:clue@cluedenver.org" target="_blank">clue@cluedenver.org</a><br>
For information, account preferences, or to unsubscribe see:<br>
<a href="http://cluedenver.org/mailman/listinfo/clue" target="_blank">http://cluedenver.org/mailman/listinfo/clue</a><br></blockquote></div><br>
</div></div></blockquote></div><br>