trogloraspa
December 9, 2021, 4:16pm
1
Hello,
I’m looking a way to access to the samba sessions info, like when an user is authenticating on a client , and session time…
log level = 1 auth_audit:3@/var/log/samba/auth_audit.log full_audit:1@/var/log/samba/full_audit.log
I’ve added this to the template for smb.conf , and in the path now I see the two files auth_audit.log and full_audit.log but these two remain empty.
can someone help me?
thank in advance
mrmarkuz
December 10, 2021, 10:36am
2
I think you need to add the auth audit to the samba DC smb.conf but you added it to local smb.conf.
The samba DC smb.conf is in /var/lib/machines/nscd/etc/samba/smb.conf.
trogloraspa
December 10, 2021, 10:48am
3
Hi @mrmarkuz , thank for reply, so this kind of conf file doesnt require to be managed with template? I’ve added the string there (btw the rigth path include a …/nsdc /…) , restarted samba service, but nothing is diplayed…
mrmarkuz
December 10, 2021, 10:54am
4
To restart samba dc, see useful commands:
https://wiki.nethserver.org/doku.php?id=howto:useful_commands#samba4
systemctl -M nsdc restart samba
trogloraspa
December 10, 2021, 11:34am
5
files has been created again, but nothing diplayed.
mrmarkuz
December 10, 2021, 11:36am
6
I’ll test it later and report…
EDIT:
I was wrong, you need to set it on the local samba file server in /etc/samba/smb.conf.
I needed to raise the log level to get results in /var/log/auth_audit.log:
log level = 5 auth_audit:5@/var/log/samba/auth_audit.log
For more information about loglevels check the smb.conf manpage .
full_audit is already used by NethServer File Server:
/etc/samba/smb.conf Samba audit config:
# SambaAudit configuration
full_audit:prefix = smbauditlog|%T|%u|%I|%S|%U
full_audit:success = read write open unlink mkdir rmdir rename chmod
full_audit:failure = read write open unlink mkdir rmdir rename chmod
full_audit:facility = LOCAL7
full_audit:priority = INFO
3 Likes