Johannes Amorosa | Celluloid VFX
2016-Apr-20 09:14 UTC
[Samba] Samba anonymous dns forwarding
On 04/18/2016 07:09 PM, lingpanda101 at gmail.com wrote:> On 4/18/2016 12:52 PM, Johannes Amorosa | Celluloid VFX wrote: >> >> On 04/15/2016 04:36 PM, lingpanda101 at gmail.com wrote: >>> On 4/15/2016 10:08 AM, Johannes Amorosa | Celluloid VFX wrote: >>>> Hello, >>>> we're using sambas internal DNS server. >>>> >>>> Is there a way to get rid of these messages in logfiles: >>>> >>>> /var/log/samba/log.samba: Not authoritative for >>>> 'static.ak.facebook.com', forwarding >>>> /var/log/samba/log.samba: Not authoritative for >>>> 's-static.ak.facebook.com', forwarding >>>> /var/log/samba/log.samba: Not authoritative for >>>> 's-static.ak.facebook.com', forwarding >>>> /var/log/samba/log.samba: Not authoritative for >>>> 's-static.ak.facebook.com', forwarding >>>> /var/log/samba/log.samba: Not authoritative for >>>> 'connect.facebook.net', forwarding >>>> >>>> Generally I want to keep privacy high for our users - when there is >>>> no technical need of logging this, >>>> without tuning log level. >>>> JA >>>> >>> What log level are you currently using? >>> >> Log level 2, but basically we want to keep log level because we are >> debugging. >> > I had the same issue. I eventually set up a central rsyslog server. > You can drop them before they are sent. > > >Thanks for your reply. We need to centralize our logging anyway. Would you mind sharing your smb and rsyslog snippets how you have done this? -- Johannes Amorosa | Celluloid VFX Celluloid Visual Effects GmbH & Co. KG Paul-Lincke-Ufer 39/40, 10999 Berlin
On 4/20/2016 5:14 AM, Johannes Amorosa | Celluloid VFX wrote:> > > On 04/18/2016 07:09 PM, lingpanda101 at gmail.com wrote: >> On 4/18/2016 12:52 PM, Johannes Amorosa | Celluloid VFX wrote: >>> >>> On 04/15/2016 04:36 PM, lingpanda101 at gmail.com wrote: >>>> On 4/15/2016 10:08 AM, Johannes Amorosa | Celluloid VFX wrote: >>>>> Hello, >>>>> we're using sambas internal DNS server. >>>>> >>>>> Is there a way to get rid of these messages in logfiles: >>>>> >>>>> /var/log/samba/log.samba: Not authoritative for >>>>> 'static.ak.facebook.com', forwarding >>>>> /var/log/samba/log.samba: Not authoritative for >>>>> 's-static.ak.facebook.com', forwarding >>>>> /var/log/samba/log.samba: Not authoritative for >>>>> 's-static.ak.facebook.com', forwarding >>>>> /var/log/samba/log.samba: Not authoritative for >>>>> 's-static.ak.facebook.com', forwarding >>>>> /var/log/samba/log.samba: Not authoritative for >>>>> 'connect.facebook.net', forwarding >>>>> >>>>> Generally I want to keep privacy high for our users - when there >>>>> is no technical need of logging this, >>>>> without tuning log level. >>>>> JA >>>>> >>>> What log level are you currently using? >>>> >>> Log level 2, but basically we want to keep log level because we are >>> debugging. >>> >> I had the same issue. I eventually set up a central rsyslog server. >> You can drop them before they are sent. >> >> >> > > Thanks for your reply. We need to centralize our logging anyway. Would > you mind sharing > your smb and rsyslog snippets how you have done this? > >Under global section of smb.conf add log level = 0 logging = syslog at 1 file See 'man smb.conf' for additional details on 'logging =' The rsyslog.conf isn't so simple. It will need to be setup specific to how you have your central rsyslog server setup. But mine is :msg, contains, "cron" stop :msg, contains, "Connection closed by 172.16.232.27" stop auth,authpriv,daemon,kern,lpr,mail,mark,news,syslog,user,uucp,local0,local1,local2,local3,local4,local5,local6,local7.* @172.16.232.45:514 Please see 'man rsyslog.conf' for additional details. The key command is ':msg, contains,'. This is how I filter. Google search for 'rsyslog loganalyzer tutorial'. You can stip messages on the host before being sent or you can drop them on the server end. -- -James
Johannes Amorosa | Celluloid VFX
2016-Apr-22 08:51 UTC
[Samba] Samba anonymous dns forwarding
On 04/21/2016 02:26 PM, lingpanda101 at gmail.com wrote:> On 4/20/2016 5:14 AM, Johannes Amorosa | Celluloid VFX wrote: >> >> >> On 04/18/2016 07:09 PM, lingpanda101 at gmail.com wrote: >>> On 4/18/2016 12:52 PM, Johannes Amorosa | Celluloid VFX wrote: >>>> >>>> On 04/15/2016 04:36 PM, lingpanda101 at gmail.com wrote: >>>>> On 4/15/2016 10:08 AM, Johannes Amorosa | Celluloid VFX wrote: >>>>>> Hello, >>>>>> we're using sambas internal DNS server. >>>>>> >>>>>> Is there a way to get rid of these messages in logfiles: >>>>>> >>>>>> /var/log/samba/log.samba: Not authoritative for >>>>>> 'static.ak.facebook.com', forwarding >>>>>> /var/log/samba/log.samba: Not authoritative for >>>>>> 's-static.ak.facebook.com', forwarding >>>>>> /var/log/samba/log.samba: Not authoritative for >>>>>> 's-static.ak.facebook.com', forwarding >>>>>> /var/log/samba/log.samba: Not authoritative for >>>>>> 's-static.ak.facebook.com', forwarding >>>>>> /var/log/samba/log.samba: Not authoritative for >>>>>> 'connect.facebook.net', forwarding >>>>>> >>>>>> Generally I want to keep privacy high for our users - when there >>>>>> is no technical need of logging this, >>>>>> without tuning log level. >>>>>> JA >>>>>> >>>>> What log level are you currently using? >>>>> >>>> Log level 2, but basically we want to keep log level because we are >>>> debugging. >>>> >>> I had the same issue. I eventually set up a central rsyslog server. >>> You can drop them before they are sent. >>> >>> >>> >> >> Thanks for your reply. We need to centralize our logging anyway. >> Would you mind sharing >> your smb and rsyslog snippets how you have done this? >> >> > Under global section of smb.conf add > > log level = 0 > logging = syslog at 1 file > > See 'man smb.conf' for additional details on 'logging =' > > The rsyslog.conf isn't so simple. It will need to be setup specific to > how you have your central rsyslog server setup. But mine is > > :msg, contains, "cron" stop > :msg, contains, "Connection closed by 172.16.232.27" stop > > auth,authpriv,daemon,kern,lpr,mail,mark,news,syslog,user,uucp,local0,local1,local2,local3,local4,local5,local6,local7.* > @172.16.232.45:514 > > Please see 'man rsyslog.conf' for additional details. The key command > is ':msg, contains,'. This is how I filter. Google search for 'rsyslog > loganalyzer tutorial'. You can stip messages on the host before being > sent or you can drop them on the server end. > >Thank you for your info. I will give it a try.> > > > > >-- Johannes Amorosa | Celluloid VFX Celluloid Visual Effects GmbH & Co. KG Paul-Lincke-Ufer 39/40, 10999 Berlin phone +49 (0)30 / 54 735 220 fax +49 (0)30 / 54 735 221