[Samba] dsdb audit in JSON to journald
Anton Shevtsov
shevtsovay at basealt.ru
Fri Jul 14 06:27:57 UTC 2023
Hi,
I want see all dsdb events write to systemd (json format).
My global section
...
logging = systemd
log level = 1 passdb:5 auth:5 winbind:1 auth_json_audit:3 dsdb_json_audit:5 dsdb_password_json_audit:5 dsdb_group_audit:5 dsdb_group_json_audit:5 dsdb_transaction_json_audit:5
...
systemctl restart samba
journalctl -f
Then,
[root at dc ~]# samba-tool group add testgroup1
{"timestamp": "2023-07-14T09:53:30.595295+0500", "type": "dsdbChange", "dsdbChange": {"version": {"major": 1, "minor": 0}, "statusCode": 0, "status": "Success", "operation": "Add", "remoteAddress": null, "performedAsSystem": false, "userSid": "S-1-5-18", "dn": "CN=testgroup1,CN=Users,DC=test,DC=alt", "transactionId": "d84fca02-096c-4ddf-9611-cce3e093c94b", "sessionId": "4b6f3aa0-b234-4f41-af03-9f0393de1629", "attributes": {"groupType": {"actions": [{"action": "add", "values": [{"value": "-2147483646"}]}]}, "objectClass": {"actions": [{"action": "add", "values": [{"value": "group"}]}]}, "sAMAccountName": {"actions": [{"action": "add", "values": [{"value": "testgroup1"}]}]}}}}
Added group testgroup1
But JSON debug to STDOUT, not journald. Why?
[root at dc ~]# rpm -q samba
samba-4.16.10-alt1.x86_64
--
Anton
More information about the samba
mailing list