samba - Mar 2021 - Problems with event logging on File Server

Hi,
Yesterday, I enabled the full_audit module on my Samba4 file server,
however I noticed that the logs grow a lot. From yesterday to today it was
20GB and I have approximately 500 users on the network.
I noticed that the logs are basically recorded with the same information in
/var/ log/syslog and also in /var/log/samba/username.log  and not just in
/var/log/samba/full_audit.log

Here is my domain member Samba4 configuration file:
[global]
    netbios name = FILESERVER
    workgroup = EMPRESA
    security = ADS
    realm = EMPRESA.COM.BR
    #encrypt passwords = yes
    username map = /etc/samba/user.map
    log file = /var/log/samba/%U.log
    log level = 3 passdb:5 auth:5
    max log size = 2000

    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config EMPRESA:backend = ad
    idmap config EMPRESA:schema_mode = rfc2307
    idmap config EMPRESA:range = 10000-999999
    idmap config EMPRESA:unix_nss_info = yes
    idmap config EMPRESA:unix_primary_group = yes

    winbind refresh tickets = Yes
    winbind use default domain = yes
    winbind enum users = yes
    winbind enum groups = yes
    vfs objects = acl_xattr full_audit recycle
    full_audit:success = open, write, unlink, rename, rmdir
    full_audit:failure = none
    full_audit:facility = local7
    full_audit:priority = alert
    full_audit:prefix = %I|%S|%u

    recycle:repository = .TRASH/%U
    recycle:directory_mode = 770
    recycle:keeptree = yes
    recycle:versions = yes
    recycle:exclude = *.mp3, *.mp4, *.exe, *.bat, *.ini, *.mpeg, *.msi

    map acl inherit = yes
    store dos attributes = yes

    template shell = /bin/bash
    template homedir = /home/%U

    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab

    include = /etc/samba/ext-bloqueadas
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes

    [Empresa]
        path =  /STORAGE/Empresa
        read only = no

Could someone help me adjust these log settings?

Regards,

M?rcio Bacci

Is it recommended to use this full_audit module or does it have excessive
logging problems?

Regards,

M?rcio Bacci

Em ter., 2 de mar. de 2021 ?s 12:04, Marcio B. <marciobacci at gmail.com>
escreveu:
> Hi,
> Yesterday, I enabled the full_audit module on my Samba4 file server,
> however I noticed that the logs grow a lot. From yesterday to today it was
> 20GB and I have approximately 500 users on the network.
> I noticed that the logs are basically recorded with the same information
> in /var/ log/syslog and also in /var/log/samba/username.log  and not just
> in /var/log/samba/full_audit.log
>
> Here is my domain member Samba4 configuration file:
> [global]
>     netbios name = FILESERVER
>     workgroup = EMPRESA
>     security = ADS
>     realm = EMPRESA.COM.BR
>     #encrypt passwords = yes
>     username map = /etc/samba/user.map
>     log file = /var/log/samba/%U.log
>     log level = 3 passdb:5 auth:5
>     max log size = 2000
>
>     idmap config * : backend = tdb
>     idmap config * : range = 3000-7999
>     idmap config EMPRESA:backend = ad
>     idmap config EMPRESA:schema_mode = rfc2307
>     idmap config EMPRESA:range = 10000-999999
>     idmap config EMPRESA:unix_nss_info = yes
>     idmap config EMPRESA:unix_primary_group = yes
>
>     winbind refresh tickets = Yes
>     winbind use default domain = yes
>     winbind enum users = yes
>     winbind enum groups = yes
>     vfs objects = acl_xattr full_audit recycle
>     full_audit:success = open, write, unlink, rename, rmdir
>     full_audit:failure = none
>     full_audit:facility = local7
>     full_audit:priority = alert
>     full_audit:prefix = %I|%S|%u
>
>     recycle:repository = .TRASH/%U
>     recycle:directory_mode = 770
>     recycle:keeptree = yes
>     recycle:versions = yes
>     recycle:exclude = *.mp3, *.mp4, *.exe, *.bat, *.ini, *.mpeg, *.msi
>
>     map acl inherit = yes
>     store dos attributes = yes
>
>     template shell = /bin/bash
>     template homedir = /home/%U
>
>     dedicated keytab file = /etc/krb5.keytab
>     kerberos method = secrets and keytab
>
>     include = /etc/samba/ext-bloqueadas
>     load printers = no
>     printing = bsd
>     printcap name = /dev/null
>     disable spoolss = yes
>
>     [Empresa]
>         path =  /STORAGE/Empresa
>         read only = no
>
> Could someone help me adjust these log settings?
>
> Regards,
>
> M?rcio Bacci
>
>
>