[Samba] Logging configuration

Remy Zandwijk remy+samba at luckyhands.nl
Fri Mar 26 10:25:24 UTC 2021


Hi Anders,

You have a typo in the config:

        full_audit:failiure = connect mkdir rmdir open read write

Which should be:

        full_audit:failure = connect mkdir rmdir open read write


-Remy



> On 26 Mar 2021, at 09:51, Anders Östling via samba <samba at lists.samba.org> wrote:
> 
> Hi
> I am fighting with the different logging options, connected to using syslog-ng for collecting logs for 2 DC’s and 1 FS into a single log repository.
> I have the syslog-ng repo up and running, and syslog-ng installed and configured (I think) on the clients. However, I have two issues, one samba and one non-samba related.
> 
> The client (FS and DC in this case) logs to syslog but does not forward to the sink. Probably a misconfig by me, but I have tried to follow existing guides and man pages.
> 
> 	/etc/syslog-ng/syslog-ng.conf
> 
>         ...
>          destination d_tcp { tcp(10.0.100.14 port(1234) localport(999)); };
> 	 log { source(s_src); destination(d_tcp); };
> 
> Selecting relevant logging from Samba (FS and DC). What I am most interested in is all kind of failures of course, but also successful authentications, file creation and deletion. I have played with some settings from the man page smb.conf, but they volume of logging is overwhelming. Just about 200 entries for clicking on a folder :). My hope is that someone has been able to find a good mix of logging options and levels, and can share them here!
> 
> [global]
>         logging = syslog at 5
>         log level = 1 auth:2 auth_audit:5 winbind:1 passdb:4 vfs:1
> 
> [users]
>         vfs objects = full_audit
>         full_audit:prefix=%u:%I:%S
>         full_audit:failiure = connect mkdir rmdir open read write
>         full_audit:success = connect
>         full_audit:facility = local5
> 
> Best regards
> 
> Anders Östling
> 
> Dämmegatan 11
> SE-25442 Helsingborg
> Sweden
> Phone: +46 768 716 165
> Skype: anders.ostling at outlook.com
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba




More information about the samba mailing list