On 15/10/2019 10:54, Rowland penny via samba wrote:> On 15/10/2019 10:29, lejeczek via samba wrote: >> hi everyone >> >> I'd like to ask, with having basic logging in config as here: >> ? ?? log file = /var/log/samba/log.%m >> ?? max log size = 5000 >> ?? log level = 1 auth:3 tdb:5 passdb:3 sam:3 winbind:0 idmap:3 >> >> log files get populated on per-machine basis. >> >> Would it be possible to put all authentication into one separate file >> simultaneously? >> >> many thanks, L. >> > Never felt the need to do it myself, but smb.conf says this under 'log > level': > > To configure the logging for specific classes to go into a different > file then log file, you can append @PATH to the class, eg log level > 1 full_audit:1@/var/log/audit.log. > > Rowland > > >For some reason @$a_path does not work me(Version 4.9.1), the file does not get created. I think I can see an effect of auth_audit as more details go into the logs now with 'log level = 1 auth_audit:2@/var/log/samba/auth.log, like IPs which were not there before, eg.: Oct 15 16:12:00 swi smbd[377337]:? Auth: [SMB2,(null)] user [NNR_BI\[mee] at [Tue, 15 Oct 2019 16:12:00.610569 BST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [NNRDC] remote host [ipv4:10.5.5.202:36784] mapped to [NNR_BI\[mee]. local host [ipv4:10.5.5.204:445] but no /var/log/samba/auth.log many thanks, L.
On 15/10/2019 16:22, lejeczek via samba wrote:> On 15/10/2019 10:54, Rowland penny via samba wrote: >> On 15/10/2019 10:29, lejeczek via samba wrote: >>> hi everyone >>> >>> I'd like to ask, with having basic logging in config as here: >>> ? ?? log file = /var/log/samba/log.%m >>> ?? max log size = 5000 >>> ?? log level = 1 auth:3 tdb:5 passdb:3 sam:3 winbind:0 idmap:3 >>> >>> log files get populated on per-machine basis. >>> >>> Would it be possible to put all authentication into one separate file >>> simultaneously? >>> >>> many thanks, L. >>> >> Never felt the need to do it myself, but smb.conf says this under 'log >> level': >> >> To configure the logging for specific classes to go into a different >> file then log file, you can append @PATH to the class, eg log level >> 1 full_audit:1@/var/log/audit.log. >> >> Rowland >> >> >> > For some reason @$a_path does not work me(Version 4.9.1), the file does > not get created. > > I think I can see an effect of auth_audit as more details go into the > logs now with 'log level = 1 auth_audit:2@/var/log/samba/auth.log, like > IPs which were not there before, eg.: > > Oct 15 16:12:00 swi smbd[377337]:? Auth: [SMB2,(null)] user > [NNR_BI\[mee] at [Tue, 15 Oct 2019 16:12:00.610569 BST] with [NTLMv2] > status [NT_STATUS_WRONG_PASSWORD] workstation [NNRDC] remote host > [ipv4:10.5.5.202:36784] mapped to [NNR_BI\[mee]. local host > [ipv4:10.5.5.204:445] > > but no /var/log/samba/auth.log > > many thanks, L. >Strange, I tried your log level line on a DC and the log file was created but without content, I had to raise the '2' to '3', at which point I got lines similar to yours when I connected to a share with smbclient. Rowland
On 15/10/2019 16:56, Rowland penny via samba wrote:> On 15/10/2019 16:22, lejeczek via samba wrote: >> On 15/10/2019 10:54, Rowland penny via samba wrote: >>> On 15/10/2019 10:29, lejeczek via samba wrote: >>>> hi everyone >>>> >>>> I'd like to ask, with having basic logging in config as here: >>>> ?? ?? log file = /var/log/samba/log.%m >>>> ??? max log size = 5000 >>>> ??? log level = 1 auth:3 tdb:5 passdb:3 sam:3 winbind:0 idmap:3 >>>> >>>> log files get populated on per-machine basis. >>>> >>>> Would it be possible to put all authentication into one separate file >>>> simultaneously? >>>> >>>> many thanks, L. >>>> >>> Never felt the need to do it myself, but smb.conf says this under 'log >>> level': >>> >>> To configure the logging for specific classes to go into a different >>> file then log file, you can append @PATH to the class, eg log level >>> 1 full_audit:1@/var/log/audit.log. >>> >>> Rowland >>> >>> >>> >> For some reason @$a_path does not work me(Version 4.9.1), the file does >> not get created. >> >> I think I can see an effect of auth_audit as more details go into the >> logs now with 'log level = 1 auth_audit:2@/var/log/samba/auth.log, like >> IPs which were not there before, eg.: >> >> Oct 15 16:12:00 swi smbd[377337]:? Auth: [SMB2,(null)] user >> [NNR_BI\[mee] at [Tue, 15 Oct 2019 16:12:00.610569 BST] with [NTLMv2] >> status [NT_STATUS_WRONG_PASSWORD] workstation [NNRDC] remote host >> [ipv4:10.5.5.202:36784] mapped to [NNR_BI\[mee]. local host >> [ipv4:10.5.5.204:445] >> >> but no /var/log/samba/auth.log >> >> many thanks, L. >> > Strange, I tried your log level line on a DC and the log file was > created but without content, I had to raise the '2' to '3', at which > point I got lines similar to yours when I connected to a share with > smbclient. > > Rowland > > >The reason why it works for myself but not Lejeczek is that I am using 4.10.8 and he isn't ;-) It looks like the ability to put the log output into different logfiles came in at 4.10.0 Rowland