Re: [Samba] Internal DNS logging
- Date: Fri, 19 Jan 2018 10:15:46 +0100
- From: Giuseppe Cesa Bianchi via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Internal DNS logging
Thanks again Denis,
I will follow your tips and sure I'll move to 4.7.4 after I solve this
On 1/19/2018 10:01 AM, Denis Cardon wrote:
I was looking for the option 'dns:x' in the wiki but I didn't find it.
Now it works.
log level = 3 auth:3 dns:0
auth_audit:3 gives me unknown class message
it must be only available in 4.7. The last increment 4.7.4 is
production ready (we've got it deployed on dozens of DCs) and has many
nice improvements over 4.6. You should consider upgrading, at least
for domain controllers.
But where I can find a complete list of classes for log level?
you can run any samba-tool command with debug level 9 and it will
start by listing all the logging classes. For example
# samba-tool fsmo show -d9
INFO: Current debug levels:
I'll also give a try on the last version of samba with json.
Json logs are much easier to parse if you need to pipe them into a
SIEM or similar.
On 1/18/2018 4:52 PM, Denis Cardon wrote:
please, stay on the list.
Le 01/18/2018 à 04:32 PM, Giuseppe Cesa Bianchi a écrit :
Thank you for your reply but users logon are already logged on
(I think when kerberos authenticate it).
My problem is the hundreds of line written by DNS on log, even at log
level 1. I'm asking if I can do something to stop it.
In smb.conf, try:
log level = 1 auth_audit:3 dns:0
or in samba 4.7.4
log level = 1 auth_json_audit:3 dns:0
On 1/18/2018 3:40 PM, Denis Cardon wrote:
I have two Samba domain controllers version 4.6.4 on Centos 7.3.
I need to log every login/logout from windows PCs and I read on the
that I have to set log level >=3, this works.
The problem is that my log.samba is filled by internal DNS messages,
most of them about forwarding.
in my smb.conf:
log level = 3 auth:10
vfs objects = full_audit
I googled around but I cannot find anything to avoid this.
For login, you should upgrade your server to Samba 4.7.4 and add json
auth logging with the auth_json_audit parameter .
For logout, it won't be really possible to have a definitive
information from the AD point of view. But you can probably script
something on your desktop and send it back to the server (if the
network connection is still up...)
Please help me!
To unsubscribe from this list go to the following URL and read the