[Samba] Logging configuration
Anders Östling
anders.ostling at gmail.com
Fri Mar 26 08:51:26 UTC 2021
Hi
I am fighting with the different logging options, connected to using syslog-ng for collecting logs for 2 DCs and 1 FS into a single log repository.
I have the syslog-ng repo up and running, and syslog-ng installed and configured (I think) on the clients. However, I have two issues, one samba and one non-samba related.
The client (FS and DC in this case) logs to syslog but does not forward to the sink. Probably a misconfig by me, but I have tried to follow existing guides and man pages.
/etc/syslog-ng/syslog-ng.conf
...
destination d_tcp { tcp(10.0.100.14 port(1234) localport(999)); };
log { source(s_src); destination(d_tcp); };
Selecting relevant logging from Samba (FS and DC). What I am most interested in is all kinds of failures of course, but also successful authentications, file creation and deletion. I have played with some settings from the man page smb.conf, but the volume of logging is overwhelming. Just about 200 entries for clicking on a folder :). My hope is that someone has been able to find a good mix of logging options and levels, and can share them here!
[global]
logging = syslog@5
log level = 1 auth:2 auth_audit:5 winbind:1 passdb:4 vfs:1
[users]
vfs objects = full_audit
full_audit:prefix=%u:%I:%S
full_audit:failure = connect mkdir rmdir open read write
full_audit:success = connect
full_audit:facility = local5
Best regards
Anders Östling
Dämmegatan 11
SE-25442 Helsingborg
Sweden
Phone: +46 768 716 165
Skype: anders.ostling at outlook.com
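
Added example (not part of the original post, and not Samba code): a post-filter for the full_audit entries configured above that keeps every failure plus successful connect, mkdir, rmdir and unlink. It assumes vfs_full_audit's `prefix|operation|result|arguments` syslog line shape with the post's `%u:%I:%S` prefix; the sample lines, the choice of operations to keep and the function names are constructed for illustration.

```python
# Constructed sample lines, assumed shape:
#   "... smbd_audit: <prefix>|<operation>|ok or fail (<reason>)|<arguments>"
SAMPLE = [
    "Mar 26 08:40:01 fs1 smbd_audit: anders:10.0.100.21:users|connect|ok|users",
    "Mar 26 08:40:05 fs1 smbd_audit: anders:10.0.100.21:users|open|ok|r|report.txt",
    "Mar 26 08:40:09 fs1 smbd_audit: anders:10.0.100.21:users|mkdir|fail (Permission denied)|secret",
    "Mar 26 08:40:12 fs1 smbd_audit: bob:fd00::21:users|unlink|ok|old.doc",
    "Mar 26 08:40:13 fs1 smbd[912]: unrelated daemon message",
]

MARK = "smbd_audit: "
# Successful operations worth keeping (assumed selection); failures are always kept.
KEEP_OK = {"connect", "mkdir", "rmdir", "unlink"}


def parse(line):
    """Return a dict for a full_audit line, or None for any other line."""
    _, found, body = line.partition(MARK)
    if not found:
        return None
    fields = body.rstrip("\n").split("|", 3)
    if len(fields) < 3:
        return None
    prefix, op, result = fields[:3]
    args = fields[3] if len(fields) == 4 else ""
    # Prefix is %u:%I:%S. An IPv6 client address contains ':' itself, so take
    # the user from the left and the share from the right, not a plain split.
    user, sep_left, rest = prefix.partition(":")
    addr, sep_right, share = rest.rpartition(":")
    if not sep_left or not sep_right:
        return None
    return {"user": user, "addr": addr, "share": share, "op": op,
            "ok": result == "ok", "result": result, "args": args}


def select(lines):
    """Keep all failures, and successes only for operations in KEEP_OK."""
    events = (parse(line) for line in lines)
    return [e for e in events if e and (not e["ok"] or e["op"] in KEEP_OK)]


if __name__ == "__main__":
    for e in select(SAMPLE):
        print(e["user"], e["addr"], e["share"], e["op"], e["result"], e["args"])
```

Using `|` instead of `:` inside `full_audit:prefix` would remove the IPv6 ambiguity that the prefix parsing works around.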