[Samba] dsdb audit in JSON to journald

[Andrew Bartlett]

On Fri, 2023-07-14 at 11:27 +0500, Anton Shevtsov via samba wrote:
> Hi,
> 
> I want see all dsdb events write to systemd (json format).
> Then,
> [root at dc ~]# samba-tool group add testgroup1
> {"timestamp": "2023-07-14T09:53:30.595295+0500", "type":
> "dsdbChange", "dsdbChange": {"version": {"major": 1, "minor": 0},
> "statusCode": 0, "status": "Success", "operation": "Add",
> "remoteAddress": null, "performedAsSystem": false, "userSid": "S-1-5-
> 18", "dn": "CN=testgroup1,CN=Users,DC=test,DC=alt", "transactionId":
> "d84fca02-096c-4ddf-9611-cce3e093c94b", "sessionId": "4b6f3aa0-b234-
> 4f41-af03-9f0393de1629", "attributes": {"groupType": {"actions":
> [{"action": "add", "values": [{"value": "-2147483646"}]}]},
> "objectClass": {"actions": [{"action": "add", "values": [{"value":
> "group"}]}]}, "sAMAccountName": {"actions": [{"action": "add",
> "values": [{"value": "testgroup1"}]}]}}}}
> Added group testgroup1
> 
> But JSON debug to STDOUT, not journald. Why?

Sadly the JSON audit logging hooks onto Samba's debug logging for
transport, and so currently follows the override that has debug logs go
to stdout/stderr in command line tools.

This certainly could be improved.  We actually have, used for testing
only, a method to instead send the messages over a message bus.  It
would be possible to develop a 'direct to journald' mechanism.

Without changing Samba a listener for those internal messages (using
the same code as our tests) that does the same would seem to be
possible, using Samba's python bindings.  But nothing 'out of the
box'. 

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions