[Samba] Logging configuration

Anders Östling anders.ostling at gmail.com
Fri Mar 26 08:51:26 UTC 2021


Hi
I am fighting with the different logging options, connected to using syslog-ng for collecting logs for 2 DC’s and 1 FS into a single log repository.
I have the syslog-ng repo up and running, and syslog-ng installed and configured (I think) on the clients. However, I have two issues, one samba and one non-samba related.

The client (FS and DC in this case) logs to syslog but does not forward to the sink. Probably a misconfig by me, but I have tried to follow existing guides and man pages.

	/etc/syslog-ng/syslog-ng.conf

        ...
         destination d_tcp { tcp(10.0.100.14 port(1234) localport(999)); };
	 log { source(s_src); destination(d_tcp); };

Selecting relevant logging from Samba (FS and DC). What I am most interested in is all kind of failures of course, but also successful authentications, file creation and deletion. I have played with some settings from the man page smb.conf, but they volume of logging is overwhelming. Just about 200 entries for clicking on a folder :). My hope is that someone has been able to find a good mix of logging options and levels, and can share them here!

[global]
        logging = syslog at 5
        log level = 1 auth:2 auth_audit:5 winbind:1 passdb:4 vfs:1

[users]
        vfs objects = full_audit
        full_audit:prefix=%u:%I:%S
        full_audit:failiure = connect mkdir rmdir open read write
        full_audit:success = connect
        full_audit:facility = local5

Best regards

Anders Östling

Dämmegatan 11
SE-25442 Helsingborg
Sweden
Phone: +46 768 716 165
Skype: anders.ostling at outlook.com



More information about the samba mailing list