Samba log files accessed

MS1 · 2019-02-26 12:23:53

I can't seem to find out how to get samba to log which files are accessed. My /etc/samba/smb.conf is below and it does make log files in /var/log/samba but they don't show which files were accessed.

workgroup = ants
server string = nas
security = user
hosts allow = 192.168.1. 127.
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY
load printers = no
printing = bsd
disable spoolss = yes
printcap name = /dev/null

[nas-ro]
comment = ro files
writeable = no
valid users = nas
path = /media/media/collection

graysky · 2019-03-02 14:48:37

Interesting question, have you tried enabling the full_audit module? Just a google hit (I don't use samba): https://moiristo.wordpress.com/2009/08/ … -activity/

EDIT: official docs are probably a better resource: https://www.samba.org/samba/docs/curren … dit.8.html

Last edited by graysky (2019-03-02 15:10:40)

MS1 · 2019-03-02 16:08:21

I edited the smb.conf file but I don't see the any access in the logs at all.

workgroup = ants
server string = nas
security = user
hosts allow = 192.168.1. 127.
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY
load printers = no
printing = bsd
disable spoolss = yes
printcap name = /dev/null

vfs objects = full_audit
full_audit:prefix = %u|%I|%m|%S
full_audit:success = open
full_audit:failure = none
full_audit:facility = LOCAL5
full_audit:priority = ALERT

[nas-ro]
vfs objects = full_audit
comment = ro files
writeable = no
valid users = nas
path = /media/media/collection

graysky · 2019-03-02 16:11:59

@OP - IDK. From the little I saw on the docs page, it goes to syslog which on Arch is journalctl. Post the output of `journalctl -u smb`

Arch Linux

#1 2019-02-26 12:23:53

Samba log files accessed

#2 2019-03-02 14:48:37

Re: Samba log files accessed

#3 2019-03-02 16:08:21

Re: Samba log files accessed

#4 2019-03-02 16:11:59

Re: Samba log files accessed

Board footer