Pablo Sanz Fernández
2020-Apr-24 09:35 UTC
[Samba] Correct configuration for audit options in smb.conf
Hi, We are enabling audit options in Samba 4.9.13 with the smb.conf file. The full_audit part is working properly, and we see the events in the log file. But the "dsdb" audit options is not working at all, neither local or syslog-ng. For the full_audit we are using the "level5" facility to redirect it with thw syslog-ng to another server, and we would like to do the same with the "dsdb". How can we configure those options? What are we doing wrong? Here I copy partially smb.conf: vfs objects = full_audit full_audit:prefix = %u|%D|%I|%m|%S|%R full_audit:success = mkdir rename unlink rmdir pwrite pread connect disconnect full_audit:failure = mkdir rename unlink rmdir pwrite pread connect disconnect full_audit:facility = local5 full_audit:priority = INFO max log size = 10000 dsdb event notification = yes dsdb group change notification = yes dsdb password event notification = yes log file = /usr/local/samba/var/log/%U.%m.log log level = 1 dsdb_audit:5@/usr/local/samba/var/log/audit.log dsdb_transaction_audit:5@/usr/local/samba/var/log/audit.log dsdb_password_audit:5@/usr/local/samba/var/log/audit.log dsdb_group_audit:5@/usr/local/samba/var/log/audit.log Regards, Pablo Sanz Fern?ndez