[Samba] Security event log in samba 4.4.5 domain controller

Trenta sis trenta.sis at gmail.com
Fri Sep 16 20:50:47 UTC 2016 

Hi,

First of all thanks for your answer.

I have tried to configure https://wiki.samba.org/index.php/Event_Logg but
without success and any log generated...
I have tried to add in smb.conf

 eventlog list = Application System Security SyslogLinux


And then connect from windows machien to event viewer, but nothing is
showed... and also tried doc https://git.samba.org/?p=
samba.git;a=blob;f=docs-xml/Samba-EventLog-HOWTO.txt;h=
33b3c1ddc47cf079236e429e7b1cbc549e0e6de5;hb=refs/heads/v4-4-stable
 without success

Can you give some information about how to try if partial implementation it
is enough for mlc? Are there any plans to implement this feature, audit
logon or if It is easy and you give detail I can try..

thanks

2016-09-16 18:27 GMT+02:00 Andrew Bartlett <abartlet at samba.org>:

> On Wed, 2016-09-14 at 11:38 +0200, Trenta sis via samba wrote:
> > Hi,
> >
> >
> > I have samba 4.4.5 configured as AD wortking correctly, now I need to
> > configure Mcafee Logon Collector to receive security event about user
> > login, this application requires to read security event log about
> > domain
> > controller
> > I have tried to connecto to doamin controller form windows server
> > with
> > connect as and view event log but any event viewer is showed...
> >
> > I have tried to configure https://wiki.samba.org/index.php/Event_Logg
> > ing
> >
> > smb.conf
> >
> >  eventlog list = Application System Security SyslogLinux
> >
> > but we don't see any event log related to pdc, how can I do this?
>
> Sadly Samba does not support auditing of logon events via the event log
> at the moment.
>
> Indeed, auditing as a whole topic is sadly not well implemented, it is
> hard even to get enough of the right info from our log files.  (Level 2
> logs give you most of what you want, but it is poorly structured).
>
> Sorry,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/
> services/samba
>
>

More information about the samba mailing list