[Samba] Setting up Audit Logging
Marcio Demetrio Bacci
marciobacci at gmail.com
Thu Jan 16 11:04:39 UTC 2020
Sorry, but I didn't undestand!
Reading a smb.conf manual, I understood that the dsdb event notification
isn't recommended to production server.
Is better to use auth_audit, auth_json_audit, auth or combination these ?
Do I need enable "vfs objects = full_audit"?
Do I need set a log file in syslog or is it automatic?
Sorry, but I got a lot doubts the system log Samba 4.
I found very limited examples on Google.
Could anybody show an example for me ?
Em ter., 14 de jan. de 2020 às 17:12, Andrew Bartlett <abartlet at samba.org>
> On Tue, 2020-01-14 at 09:04 -0200, Marcio Demetrio Bacci via samba
> > Hi,
> > I need enable some logs in my two Samba 4 DC. I want to log the folowws:
> > a. user authentications (success and fail) on domain;
> > b. who joined a computer in the domain;
> > c. who created a new user and group on DC.
> > How I do this?
> > Do I need only put the follow line in the smb.conf?
> You will need more audit categories than this. The dsdb categories are
> needed for the DB operations, the authentication audit is only user
> authentications (success and failure).
> You should only enable the JSON versoins if you have a way to process
> those, the 'human readable' formats will just add noise without any
> more information.
> Andrew Bartlett
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT
More information about the samba