[Samba] Export authentication & authorisation logs to Windows Event Viewer

Andrew Bartlett abartlet at samba.org
Sat Jan 6 08:02:09 UTC 2018

On Sat, 2018-01-06 at 12:21 +0530, Anantha Raghava via samba wrote:
> Hi,
> Can we export the samba audit logs (Authentication & Authorisation Logs) 
> to Windows Event Viewer?
> I am trying to export the authentication & authorisation logs to a 
> Windows Server to be shown in Windows Event Viewer. I read the link - 
> https://wiki.samba.org/index.php/Event_Logging. But couldn't follow much.
> Can someone throw more light on the procedure, if it is possible?

Sadly not at this time.  I actually have a client task pending to look
into this better, but for now if you want to use the modern event
viewer it looks like quite a large protocol built on binary XML.  

The older eventlog protocol is still around, and it might be easier to
fill in that database.  Can you clarify if you would be wanting
eventlog or eventlog6 support?  While I don't wish to give false hopes,
it would be really helpful for the 'scoping study' I've been asked to
do if I knew better what users need here.

Additionally, I understand there are some security appliances etc that
use event log to get audit information from AD for security purposes. 
If you or anyone else on the list uses one of these and can tell me a
little about them (names, versions, ideally get me a network trace of
it in action or where I can get a demo) that would also be really


Andrew Bartlett

> Thanks & Regards,
> Anantha Raghava
> Do not print this e-mail unless required. Save Paper & trees.
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list