[Samba] full_audit syslog logging question
Wyll Ingersoll
wyllys.ingersoll at keepertech.com
Fri Mar 10 17:59:51 UTC 2023
Running Samba 4.16.4 and having problems getting the vfs_full_audit module to send anything to syslog. I can get it to log to a file, but nothing happens when using syslog only.
Configuration looks like:
[global]
...
log level = 4
log file = /var/log/samba/log.%m
logging = syslog at 4
...
[foobar]
path = /foobar
vfs objects = full_audit streams_xattr acl_xattr
full_audit:priority = INFO
full_audit:facility = local5
full_audit:success = all
full_audit:failure = all
full_audit:prefix = %u|%I|%m|%S|%P
I have monitored the system port 514 with tcpdump and verify that nothing is being sent out even when there is activity on the share (mount/unmount, list directories, write/delete files). If I switch it to "logging = syslog at 4 file", I can see the full_audit messages show up in the standard log files for each client.
What is the magic that needs to happen to have full_audit actually send out a syslog message?
The goal is to be sending these audit messages to an external log server via rsyslogd configuration but rsyslogd never gets any messages because Samba doesnt appear to be sending anything over syslog (514/udp).
thanks,
Wyllys Ingersoll
More information about the samba
mailing list