Web lists-archives.com

[Samba] Samba Audit Logs


My apologies if this isn't the right place to ask this question.

We have trying to setup auditing in Samba but can't seem to get it to work.
The audit log file is empty and we see some entries about file/folders in
the /var/log/samba/%m but not the actual audit bits. Can someone please
assist or point in the correct direction?

 syslog = 0
log file = /var/log/samba/%m
Log level = 0 vfs:0
max log size = 0
full_audit:prefix = %u|%I|%S
        full_audit:failure = none
        full_audit:success = mkdir rmdir read pread write pwrite rename
        full_audit:facility = local5
        full_audit:priority = notice

The following in /etc/rsyslog.d/00-samba-audit.conf
local5.notice /var/log/samba/audit.log
& ~

and the following in /etc/rsyslog.d/50-default.conf
*.*;auth,authpriv.none           -/var/log/syslog
*.*;local5,auth,authpriv.none           -/var/log/syslog
local5.notice /var/log/samba/audit.log

The samba service and rsyslog have been restarted multiple times

Thank you,

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba