[Samba] full_audit json logging
lists at merit.unu.edu
Mon Mar 15 16:07:48 UTC 2021
We're using json logging on the DCs for authentication logging. This
makes extraction in our log aggregation tool very easy.
We're also using vfs_full_audit logging on the member servers.
The full_audit logs are not json formatted, but look like this:
> 2021-03-15T16:47:39.691012+01:00 memberserver smbd_audit - - -
> IP=192.168.89.5 | USER=DOM\username | MACHINE=desktop-js8pb3b |
> VOLUME=username|getxattr|fail (No data
(i prefixed the generated logs with "IP=%I | MACHINE=%m | VOLUME=%S")
Is there a way to get nice json formatted logs out of the vfs_full_audit
I read this page, and it does not mention json at all:
We're on 4.13.5, and of course I can provide a complete smb.conf if
More information about the samba