[Samba] Security event log in samba 4.4.5 domain controller
trenta.sis at gmail.com
Fri Sep 16 20:50:47 UTC 2016
First of all thanks for your answer.
I have tried to configure https://wiki.samba.org/index.php/Event_Logg but
without success and any log generated...
I have tried to add in smb.conf
eventlog list = Application System Security SyslogLinux
And then connect from windows machien to event viewer, but nothing is
showed... and also tried doc https://git.samba.org/?p=
Can you give some information about how to try if partial implementation it
is enough for mlc? Are there any plans to implement this feature, audit
logon or if It is easy and you give detail I can try..
2016-09-16 18:27 GMT+02:00 Andrew Bartlett <abartlet at samba.org>:
> On Wed, 2016-09-14 at 11:38 +0200, Trenta sis via samba wrote:
> > Hi,
> > I have samba 4.4.5 configured as AD wortking correctly, now I need to
> > configure Mcafee Logon Collector to receive security event about user
> > login, this application requires to read security event log about
> > domain
> > controller
> > I have tried to connecto to doamin controller form windows server
> > with
> > connect as and view event log but any event viewer is showed...
> > I have tried to configure https://wiki.samba.org/index.php/Event_Logg
> > ing
> > smb.conf
> > eventlog list = Application System Security SyslogLinux
> > but we don't see any event log related to pdc, how can I do this?
> Sadly Samba does not support auditing of logon events via the event log
> at the moment.
> Indeed, auditing as a whole topic is sadly not well implemented, it is
> hard even to get enough of the right info from our log files. (Level 2
> logs give you most of what you want, but it is poorly structured).
> Andrew Bartlett
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT http://catalyst.net.nz/
More information about the samba