Hi Anders,
You have a typo in the config:
full_audit:failiure = connect mkdir rmdir open read write
Which should be:
full_audit:failure = connect mkdir rmdir open read write
-Remy
> On 26 Mar 2021, at 09:51, Anders Östling via samba <samba at lists.samba.org> wrote:
>
> Hi
> I am fighting with the different logging options, connected to using syslog-ng for collecting logs for 2 DC's and 1 FS into a single log repository.
> I have the syslog-ng repo up and running, and syslog-ng installed and configured (I think) on the clients. However, I have two issues, one samba and one non-samba related.
>
> The client (FS and DC in this case) logs to syslog but does not forward to the sink. Probably a misconfig by me, but I have tried to follow existing guides and man pages.
>
> /etc/syslog-ng/syslog-ng.conf
>
> ...
> destination d_tcp { tcp(10.0.100.14 port(1234) localport(999)); };
> log { source(s_src); destination(d_tcp); };
>
> Selecting relevant logging from Samba (FS and DC). What I am most interested in is all kinds of failures of course, but also successful authentications, file creation and deletion. I have played with some settings from the man page smb.conf, but the volume of logging is overwhelming. Just about 200 entries for clicking on a folder :). My hope is that someone has been able to find a good mix of logging options and levels, and can share them here!
>
> [global]
> logging = syslog@5
> log level = 1 auth:2 auth_audit:5 winbind:1 passdb:4 vfs:1
>
> [users]
> vfs objects = full_audit
> full_audit:prefix=%u:%I:%S
> full_audit:failiure = connect mkdir rmdir open read write
> full_audit:success = connect
> full_audit:facility = local5
>
> Best regards
>
> Anders Östling
>
> D?mmegatan 11
> SE-25442 Helsingborg
> Sweden
> Phone: +46 768 716 165
> Skype: anders.ostling at outlook.com
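
An added example, not part of the original thread: a small check that catches the kind of typo pointed out above by comparing every full_audit: option in an smb.conf against the option names documented in vfs_full_audit(8). The function name lint_full_audit and the embedded sample config are assumptions made for this example; the sample reproduces the share from the thread with the typo left in.

```python
import difflib

# Option names documented in the vfs_full_audit(8) man page.
KNOWN_FULL_AUDIT = ["facility", "failure", "log_secdesc", "prefix",
                    "priority", "success", "syslog"]

# Constructed sample: the config from the thread, typo included.
SAMPLE_CONF = """\
[global]
logging = syslog@5
log level = 1 auth:2 auth_audit:5 winbind:1 passdb:4 vfs:1

[users]
vfs objects = full_audit
full_audit:prefix=%u:%I:%S
full_audit:failiure = connect mkdir rmdir open read write
full_audit:success = connect
full_audit:facility = local5
"""

def lint_full_audit(conf_text):
    """Return (line_no, section, bad_name, suggestion) per unknown full_audit option."""
    findings = []
    section = None
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, _value = line.partition("=")
        if not sep:
            continue
        # Only the parameter name is inspected, so "auth:2" in a value is ignored.
        module, colon, option = key.strip().partition(":")
        if not colon or module.strip() != "full_audit":
            continue
        option = option.strip()
        if option not in KNOWN_FULL_AUDIT:
            close = difflib.get_close_matches(option, KNOWN_FULL_AUDIT, n=1)
            findings.append((line_no, section, option, close[0] if close else None))
    return findings

if __name__ == "__main__":
    for line_no, section, bad, hint in lint_full_audit(SAMPLE_CONF):
        print(f"line {line_no} [{section}]: unknown full_audit:{bad}"
              + (f" (did you mean full_audit:{hint}?)" if hint else ""))
```

With the typo in place, the failure operation list never reaches the module under the name it reads, so the failed operations the share was meant to audit are not configured as intended.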