[Samba] Samba Audit Logs
robinghere3 at gmail.com
Sat May 5 13:40:47 UTC 2018
My apologies if this isn't the right place to ask this question.
We have trying to setup auditing in Samba but can't seem to get it to work.
The audit log file is empty and we see some entries about file/folders in
the /var/log/samba/%m but not the actual audit bits. Can someone please
assist or point in the correct direction?
syslog = 0
log file = /var/log/samba/%m
Log level = 0 vfs:0
max log size = 0
full_audit:prefix = %u|%I|%S
full_audit:failure = none
full_audit:success = mkdir rmdir read pread write pwrite rename
full_audit:facility = local5
full_audit:priority = notice
The following in /etc/rsyslog.d/00-samba-audit.conf
and the following in /etc/rsyslog.d/50-default.conf
The samba service and rsyslog have been restarted multiple times
More information about the samba