[Samba] full_audit json logging

mj lists at merit.unu.edu
Mon Mar 15 16:07:48 UTC 2021


Hi,

We're using json logging on the DCs for authentication logging. This 
makes extraction in our log aggregation tool very easy.

We're also using vfs_full_audit logging on the member servers.

The full_audit logs are not json formatted, but look like this:

> 2021-03-15T16:47:39.691012+01:00 memberserver smbd_audit - - -
> IP=192.168.89.5 | USER=DOM\username | MACHINE=desktop-js8pb3b |
> VOLUME=username|getxattr|fail (No data
> available)|/home/username|user.DOSATTRIB

(I prefixed the generated logs with "IP=%I | MACHINE=%m | VOLUME=%S")

Is there a way to get nice json formatted logs out of the vfs_full_audit 
module?

I read this page, and it does not mention json at all: 
https://www.samba.org/samba/docs/current/man-html/vfs_full_audit.8.html

We're on 4.13.5, and of course I can provide a complete smb.conf if 
required.

Thanks,
MJ
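
Added example, not part of the original post and not Samba code: a Python filter that converts a full_audit line in the format quoted above into a JSON object for a log aggregator. It assumes the syslog header and the `KEY=value | ` prefix layout seen in the sample; `parse_full_audit` and `to_json` are hypothetical names.

```python
import json
import re

# Constructed sample: the wrapped log line from the post, joined back onto one line.
SAMPLE = (
    r"2021-03-15T16:47:39.691012+01:00 memberserver smbd_audit - - - "
    r"IP=192.168.89.5 | USER=DOM\username | MACHINE=desktop-js8pb3b | "
    r"VOLUME=username|getxattr|fail (No data available)|/home/username|user.DOSATTRIB"
)

# Assumed syslog header layout: timestamp, host, program, then three "-" fields.
HEADER = re.compile(r"^(?P<timestamp>\S+) (?P<host>\S+) (?P<program>\S+) - - - (?P<body>.*)$")
PREFIX_FIELD = re.compile(r"\s*([A-Z]+)=(.*?)\s*")
RESULT = re.compile(r"(ok|fail)(?: \((.*)\))?")


def parse_full_audit(line):
    """Return a dict for one full_audit line, or None if it does not match."""
    m = HEADER.match(line.rstrip("\n"))
    if not m or m["program"] != "smbd_audit":
        return None
    event = {k: m[k] for k in ("timestamp", "host")}
    fields = m["body"].split("|")
    # Leading KEY=value items come from the configured prefix.
    while fields and (p := PREFIX_FIELD.fullmatch(fields[0])):
        event[p[1].lower()] = p[2]
        fields.pop(0)
    if len(fields) < 2:
        return None
    r = RESULT.fullmatch(fields[1])
    if not r:
        return None
    event["operation"] = fields[0]
    event["success"] = r[1] == "ok"
    event["error"] = r[2]
    # A "|" inside a file name would split an argument in two; args stay a list.
    event["args"] = fields[2:]
    return event


def to_json(line):
    """Serialize one parsed line, or return None for lines that do not match."""
    event = parse_full_audit(line)
    return json.dumps(event) if event else None


if __name__ == "__main__":
    print(to_json(SAMPLE))
```
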


