[Samba] Correct configuration for audit options in smb.conf
Pablo Sanz Fernández
psanz at empre.es
Fri Apr 24 09:35:46 UTC 2020
Hi,
We are enabling audit options in Samba 4.9.13 with the smb.conf file.
The full_audit part is working properly, and we see the events in the log file. But the "dsdb" audit options is not working at all, neither local or syslog-ng.
For the full_audit we are using the "level5" facility to redirect it with thw syslog-ng to another server, and we would like to do the same with the "dsdb".
How can we configure those options? What are we doing wrong?
Here I copy partially smb.conf:
vfs objects = full_audit
full_audit:prefix = %u|%D|%I|%m|%S|%R
full_audit:success = mkdir rename unlink rmdir pwrite pread connect disconnect
full_audit:failure = mkdir rename unlink rmdir pwrite pread connect disconnect
full_audit:facility = local5
full_audit:priority = INFO
max log size = 10000
dsdb event notification = yes
dsdb group change notification = yes
dsdb password event notification = yes
log file = /usr/local/samba/var/log/%U.%m.log
log level = 1 dsdb_audit:5@/usr/local/samba/var/log/audit.log dsdb_transaction_audit:5@/usr/local/samba/var/log/audit.log dsdb_password_audit:5@/usr/local/samba/var/log/audit.log dsdb_group_audit:5@/usr/local/samba/var/log/audit.log
Regards,
Pablo Sanz Fernández
More information about the samba
mailing list