[Samba] Problems with event logging on File Server

Marcio B. marciobacci at gmail.com
Wed Mar 3 12:23:24 UTC 2021


Is it recommended to use this full_audit module or does it have excessive
logging problems?

Regards,

Márcio Bacci

On Tue, Mar 2, 2021 at 12:04, Marcio B. <marciobacci at gmail.com>
wrote:

> Hi,
> Yesterday, I enabled the full_audit module on my Samba4 file server,
> however I noticed that the logs grow a lot. From yesterday to today it was
> 20GB and I have approximately 500 users on the network.
> I noticed that the logs are basically recorded with the same information
> in /var/log/syslog and also in /var/log/samba/username.log and not just
> in /var/log/samba/full_audit.log
>
> Here is my domain member Samba4 configuration file:
> [global]
>     netbios name = FILESERVER
>     workgroup = EMPRESA
>     security = ADS
>     realm = EMPRESA.COM.BR
>     #encrypt passwords = yes
>     username map = /etc/samba/user.map
>     log file = /var/log/samba/%U.log
>     log level = 3 passdb:5 auth:5
>     max log size = 2000
>
>     idmap config * : backend = tdb
>     idmap config * : range = 3000-7999
>     idmap config EMPRESA:backend = ad
>     idmap config EMPRESA:schema_mode = rfc2307
>     idmap config EMPRESA:range = 10000-999999
>     idmap config EMPRESA:unix_nss_info = yes
>     idmap config EMPRESA:unix_primary_group = yes
>
>     winbind refresh tickets = Yes
>     winbind use default domain = yes
>     winbind enum users = yes
>     winbind enum groups = yes
>     vfs objects = acl_xattr full_audit recycle
>     full_audit:success = open, write, unlink, rename, rmdir
>     full_audit:failure = none
>     full_audit:facility = local7
>     full_audit:priority = alert
>     full_audit:prefix = %I|%S|%u
>
>     recycle:repository = .TRASH/%U
>     recycle:directory_mode = 770
>     recycle:keeptree = yes
>     recycle:versions = yes
>     recycle:exclude = *.mp3, *.mp4, *.exe, *.bat, *.ini, *.mpeg, *.msi
>
>     map acl inherit = yes
>     store dos attributes = yes
>
>     template shell = /bin/bash
>     template homedir = /home/%U
>
>     dedicated keytab file = /etc/krb5.keytab
>     kerberos method = secrets and keytab
>
>     include = /etc/samba/ext-bloqueadas
>     load printers = no
>     printing = bsd
>     printcap name = /dev/null
>     disable spoolss = yes
>
>     [Empresa]
>         path =  /STORAGE/Empresa
>         read only = no
>
> Could someone help me adjust these log settings?
>
> Regards,
>
> Márcio Bacci
>
>
>
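
One way to measure which operations and users account for the audit volume described in the message above, as an added example that is not part of the original post or of Samba. It assumes full_audit records follow the syslog tag as "prefix|operation|result|argument", with the prefix fields taken from the posted `full_audit:prefix = %I|%S|%u`; the sample lines and the function names are constructed for illustration.

```python
from collections import Counter

# Fields produced by the page's setting: full_audit:prefix = %I|%S|%u
PREFIX_FIELDS = ("client_ip", "share", "user")

# Constructed sample lines; the "prefix|operation|result|argument" layout after
# the syslog tag is an assumption about how full_audit formats its records.
SAMPLE = """\
Mar  2 09:00:01 FILESERVER smbd_audit: 10.0.0.21|Empresa|alice|open|ok|r|docs/plan.odt
Mar  2 09:00:01 FILESERVER smbd_audit: 10.0.0.21|Empresa|alice|open|ok|r|docs/plan.odt
Mar  2 09:00:02 FILESERVER smbd_audit: 10.0.0.21|Empresa|alice|write|ok|docs/plan.odt
Mar  2 09:00:03 FILESERVER smbd_audit: 10.0.0.35|Empresa|bob|open|ok|r|fin/q1.ods
Mar  2 09:00:04 FILESERVER smbd_audit: 10.0.0.35|Empresa|bob|unlink|ok|fin/old.ods
Mar  2 09:00:05 FILESERVER smbd[812]: constructed non-audit debug line
"""

def parse_audit(line, tag="smbd_audit: "):
    """Return a dict for a full_audit record, or None for any other log line."""
    _, sep, msg = line.partition(tag)
    parts = msg.split("|", len(PREFIX_FIELDS) + 2)
    if not sep or len(parts) < len(PREFIX_FIELDS) + 2:
        return None
    rec = dict(zip(PREFIX_FIELDS, parts))
    rec["op"], rec["result"] = parts[3], parts[4]
    rec["args"] = parts[5] if len(parts) > 5 else ""
    return rec

def volume_report(lines):
    """Tally bytes per operation and per user, plus bytes of non-audit lines."""
    by_op, by_user, other = Counter(), Counter(), 0
    for line in lines:
        size = len(line.encode()) + 1  # +1 for the stripped newline
        rec = parse_audit(line)
        if rec is None:
            other += size
            continue
        by_op[rec["op"]] += size
        by_user[rec["user"]] += size
    return by_op, by_user, other

if __name__ == "__main__":
    ops, users, other = volume_report(SAMPLE.splitlines())
    total = sum(ops.values()) + other
    for op, size in ops.most_common():
        print(f"{op:8s} {size:6d} bytes {100 * size / total:5.1f}%")
    print(f"non-audit {other} bytes; top users: {users.most_common(3)}")
```

Running the same tally over each of the three log files named in the message shows how much of the growth is audit records and how much is other smbd output.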

