CIFS debugging - not enough information

Question

I am using RedHat RHEL 6. The goal is to identify whether an application running on the local server is setting 'HIDDEN' file attribute on the remote CIFS share.

I have first enabled the logging in syslog config:

kern.;.info;mail.none;authpriv.none;cron.none /var/log/messages

*.debug /var/log/cifs-log

Then, I have set the logging level to 9:

echo 7 > /proc/fs/cifs/cifsFYI

echo 1 > /proc/fs/cifs/traceSMB

As a result, all I get for the attempt of one of the local applications to write file attributes is the following:

Oct 19 17:09:53 linux-server kernel: fs/cifs/inode.c: Update attributes: \FileShare\Documents\filename.xml inode 0xffff8800465a3af0 count 1 dentry: 0xffff8804069b78c0 d_time 13784446293 jiffies 13978389210

How do I find out what attributes were set exactly? Was it just the time and jiffytime that were updated?

Somewhat related: Is it possible to find out what program or script created a given file? The answers there could be adapted for monitoring changes in file attributes. — sebasth, Oct 20 '18 at 16:23
Slightly different, because their scenario is "This is my *nix filesystem, and I want to know what's going on here.", while my scenario is "This is my pool of applications, and I want to know what they do on the REMOTE server". But thank you for the link - useful info! — Tony Sepia, Oct 20 '18 at 22:20

CIFS debugging - not enough information

0 Answers0