[Samba] Samba Audit Logs
Robin G
robinghere3 at gmail.com
Sat May 5 13:40:47 UTC 2018
Hi,
My apologies if this isn't the right place to ask this question.
We have trying to setup auditing in Samba but can't seem to get it to work.
The audit log file is empty and we see some entries about file/folders in
the /var/log/samba/%m but not the actual audit bits. Can someone please
assist or point in the correct direction?
syslog = 0
log file = /var/log/samba/%m
Log level = 0 vfs:0
max log size = 0
full_audit:prefix = %u|%I|%S
full_audit:failure = none
full_audit:success = mkdir rmdir read pread write pwrite rename
unlink
full_audit:facility = local5
full_audit:priority = notice
The following in /etc/rsyslog.d/00-samba-audit.conf
local5.notice /var/log/samba/audit.log
& ~
and the following in /etc/rsyslog.d/50-default.conf
*.*;auth,authpriv.none -/var/log/syslog
*.*;local5,auth,authpriv.none -/var/log/syslog
local5.notice /var/log/samba/audit.log
The samba service and rsyslog have been restarted multiple times
Thank you,
Rob
More information about the samba
mailing list