log level

The value of the parameter (a string) allows the debug level (logging level) to be specified in the
smb.conf file.


This parameter has been extended since the 2.2.x
series, now it allows one to specify the debug level for multiple
debug classes and distinct logfiles for debug classes. This is to give
greater flexibility in the configuration of the system. The following
debug classes are currently implemented:


all tdb printdrivers lanman smb smb2 smb2_credits rpc_parse rpc_srv rpc_cli passdb sam auth winbind vfs idmap quota acls locking msdfs dmapi registry
scavenger
dns
ldb
tevent
auth_audit
auth_json_audit
kerberos
dsdb_audit
dsdb_json_audit
dsdb_password_audit
dsdb_password_json_audit
dsdb_transaction_audit
dsdb_transaction_json_audit


To configure the logging for specific classes to go into a different
file then , you can append
@PATH to the class, eg log level = 1
full_audit:[email protected]/var/log/audit.log.

Authentication and authorization audit information is logged
under the auth_audit, and if Samba was not compiled with
--without-json, a JSON representation is logged under
auth_json_audit.

Support is comprehensive for all authentication and authorisation
of user accounts in the Samba Active Directory Domain Controller,
as well as the implicit authentication in password changes. In
the file server, NTLM authentication, SMB and RPC authorization is
covered.

Log levels for auth_audit and auth_audit_json are:
2: Authentication Failure 3: Authentication Success 4: Authorization Success 5: Anonymous Authentication and Authorization Success


Changes to the sam.ldb database are logged
under the dsdb_audit and a JSON representation is logged under
dsdb_json_audit.

Password changes and Password resets are logged under
dsdb_password_audit and a JSON representation is logged under the
dsdb_password_json_audit.

Transaction rollbacks and prepare commit failures are logged under
the dsdb_transaction_audit and a JSON representation is logged under the
password_json_audit. Logging the transaction details allows the
identification of password and sam.ldb operations that have been rolled
back.

Example: 3 passdb:5 auth:10 winbind:2

Example: 1 full_audit:[email protected]/var/log/audit.log winbind:2

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

log level

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Samba\smb_conf\log level
Value Namelog level
Value TypeREG_SZ
Default Value0

samba.admx

Administrative Templates (Computers)