1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/docs-xml/smbdotconf/logging/loglevel.xml
Ralph Boehme 4d7eaed586 smbdotconf: mark "log level" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:35 +00:00

103 lines
5.7 KiB
XML

<samba:parameter name="log level"
type="string"
context="G"
handler="handle_debug_list"
substitution="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<synonym>debuglevel</synonym>
<description>
<para>
The value of the parameter (a string) allows the debug level (logging level) to be specified in the
<filename moreinfo="none">smb.conf</filename> file.
</para>
<para>This parameter has been extended since the 2.2.x
series, now it allows one to specify the debug level for multiple
debug classes and distinct logfiles for debug classes. This is to give
greater flexibility in the configuration of the system. The following
debug classes are currently implemented:
</para>
<itemizedlist>
<listitem><para><parameter moreinfo="none">all</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">tdb</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">printdrivers</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">lanman</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">smb</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">smb2</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">smb2_credits</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">rpc_parse</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">rpc_srv</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">rpc_cli</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">passdb</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">sam</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">auth</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">winbind</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">vfs</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">idmap</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">quota</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">acls</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">locking</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">msdfs</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">dmapi</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">registry</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">scavenger</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">dns</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">ldb</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">tevent</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">auth_audit</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">auth_json_audit</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">kerberos</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">dsdb_audit</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">dsdb_json_audit</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">dsdb_password_audit</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">dsdb_password_json_audit</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">dsdb_transaction_audit</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">dsdb_transaction_json_audit</parameter></para></listitem>
</itemizedlist>
<para>To configure the logging for specific classes to go into a different
file then <smbconfoption name="log file"/>, you can append
<emphasis>@PATH</emphasis> to the class, eg <parameter>log level = 1
full_audit:1@/var/log/audit.log</parameter>.</para>
<para>Authentication and authorization audit information is logged
under the auth_audit, and if Samba was not compiled with
--without-json, a JSON representation is logged under
auth_json_audit.</para>
<para>Support is comprehensive for all authentication and authorisation
of user accounts in the Samba Active Directory Domain Controller,
as well as the implicit authentication in password changes. In
the file server, NTLM authentication, SMB and RPC authorization is
covered.</para>
<para>Log levels for auth_audit and auth_audit_json are:</para>
<itemizedlist>
<listitem><para>2: Authentication Failure</para></listitem>
<listitem><para>3: Authentication Success</para></listitem>
<listitem><para>4: Authorization Success</para></listitem>
<listitem><para>5: Anonymous Authentication and Authorization Success</para></listitem>
</itemizedlist>
<para>Changes to the sam.ldb database are logged
under the dsdb_audit and a JSON representation is logged under
dsdb_json_audit.</para>
<para>Password changes and Password resets are logged under
dsdb_password_audit and a JSON representation is logged under the
dsdb_password_json_audit.</para>
<para>Transaction rollbacks and prepare commit failures are logged under
the dsdb_transaction_audit and a JSON representation is logged under the
password_json_audit. Logging the transaction details allows the
identification of password and sam.ldb operations that have been rolled
back.</para>
</description>
<value type="default">0</value>
<value type="example">3 passdb:5 auth:10 winbind:2</value>
<value type="example">1 full_audit:1@/var/log/audit.log winbind:2</value>
</samba:parameter>