[Samba] Problems with event logging on File Server
Marcio B.
marciobacci at gmail.com
Tue Mar 2 15:04:45 UTC 2021
Hi,
Yesterday, I enabled the full_audit module on my Samba4 file server,
however I noticed that the logs grow a lot. From yesterday to today it was
20GB and I have approximately 500 users on the network.
I noticed that the logs are basically recorded with the same information in
/var/ log/syslog and also in /var/log/samba/username.log and not just in
/var/log/samba/full_audit.log
Here is my domain member Samba4 configuration file:
[global]
netbios name = FILESERVER
workgroup = EMPRESA
security = ADS
realm = EMPRESA.COM.BR
#encrypt passwords = yes
username map = /etc/samba/user.map
log file = /var/log/samba/%U.log
log level = 3 passdb:5 auth:5
max log size = 2000
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config EMPRESA:backend = ad
idmap config EMPRESA:schema_mode = rfc2307
idmap config EMPRESA:range = 10000-999999
idmap config EMPRESA:unix_nss_info = yes
idmap config EMPRESA:unix_primary_group = yes
winbind refresh tickets = Yes
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
vfs objects = acl_xattr full_audit recycle
full_audit:success = open, write, unlink, rename, rmdir
full_audit:failure = none
full_audit:facility = local7
full_audit:priority = alert
full_audit:prefix = %I|%S|%u
recycle:repository = .TRASH/%U
recycle:directory_mode = 770
recycle:keeptree = yes
recycle:versions = yes
recycle:exclude = *.mp3, *.mp4, *.exe, *.bat, *.ini, *.mpeg, *.msi
map acl inherit = yes
store dos attributes = yes
template shell = /bin/bash
template homedir = /home/%U
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
include = /etc/samba/ext-bloqueadas
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
[Empresa]
path = /STORAGE/Empresa
read only = no
Could someone help me adjust these log settings?
Regards,
Márcio Bacci
More information about the samba
mailing list