[Samba] Setting up Audit Logging

Marcio Demetrio Bacci marciobacci at gmail.com
Thu Jan 16 11:04:39 UTC 2020


Sorry, but I didn't undestand!

Reading a smb.conf manual, I understood that the dsdb event notification
isn't recommended to production server.

Is better to use auth_audit, auth_json_audit, auth or combination these ?

Do I need enable "vfs objects = full_audit"?

Do I need set a log file in syslog or is it automatic?

Sorry, but I got a lot doubts the system log Samba 4.

I found very limited examples on Google.

Could anybody show an example for me ?


Márcio Bacci

Em ter., 14 de jan. de 2020 às 17:12, Andrew Bartlett <abartlet at samba.org>

> On Tue, 2020-01-14 at 09:04 -0200, Marcio Demetrio Bacci via samba
> wrote:
> > Hi,
> >
> > I need enable some logs in my two Samba 4 DC. I want to log the folowws:
> >
> > a. user authentications (success and fail) on domain;
> > b. who joined a computer in the domain;
> > c. who created a new user and group on DC.
> >
> > How I do this?
> >
> > Do I need only put the follow line in the smb.conf?
> You will need more audit categories than this.  The dsdb categories are
> needed for the DB operations, the authentication audit is only user
> authentications (success and failure).
> You should only enable the JSON versoins if you have a way to process
> those, the 'human readable' formats will just add noise without any
> more information.
> Andrew Bartlett
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba

More information about the samba mailing list