Configuration of Auditing
This auditing tool is more felxible than most people readily will recognize. There are a number of ways
by which useful logging information can be recorded.
-
Syslog can be used to record all transaction. This can be disabled by setting
in the smb.conf file
syslog = 0
.
-
Logging can take place to the default log file (log.smbd)
for all loaded VFS modules just by setting in the smb.conf file
log level = 0 vfs:x
, where x is the log level.
This will disable general logging while activating all logging of VFS
module activity at the log level specified.
-
Detailed logging can be obtained per user, per client machine, etc.
This requires the above together with the creative use of the
log file
settings.
An example of detailed per-user and per-machine logging can
be obtained by setting
log file = /var/log/samba/%U.%m.log.
Auditing information often must be preserved for a long time. So that the log files do not get rotated
it is essential that the
max log size = 0 be set
in the smb.conf file.
