mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
4d7eaed586
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
103 lines
5.7 KiB
XML
103 lines
5.7 KiB
XML
<samba:parameter name="log level"
|
|
type="string"
|
|
context="G"
|
|
handler="handle_debug_list"
|
|
substitution="1"
|
|
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|
<synonym>debuglevel</synonym>
|
|
<description>
|
|
<para>
|
|
The value of the parameter (a string) allows the debug level (logging level) to be specified in the
|
|
<filename moreinfo="none">smb.conf</filename> file.
|
|
</para>
|
|
|
|
<para>This parameter has been extended since the 2.2.x
|
|
series, now it allows one to specify the debug level for multiple
|
|
debug classes and distinct logfiles for debug classes. This is to give
|
|
greater flexibility in the configuration of the system. The following
|
|
debug classes are currently implemented:
|
|
</para>
|
|
|
|
<itemizedlist>
|
|
<listitem><para><parameter moreinfo="none">all</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">tdb</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">printdrivers</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">lanman</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">smb</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">smb2</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">smb2_credits</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">rpc_parse</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">rpc_srv</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">rpc_cli</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">passdb</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">sam</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">auth</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">winbind</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">vfs</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">idmap</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">quota</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">acls</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">locking</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">msdfs</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">dmapi</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">registry</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">scavenger</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">dns</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">ldb</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">tevent</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">auth_audit</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">auth_json_audit</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">kerberos</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">dsdb_audit</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">dsdb_json_audit</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">dsdb_password_audit</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">dsdb_password_json_audit</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">dsdb_transaction_audit</parameter></para></listitem>
|
|
<listitem><para><parameter moreinfo="none">dsdb_transaction_json_audit</parameter></para></listitem>
|
|
</itemizedlist>
|
|
|
|
<para>To configure the logging for specific classes to go into a different
|
|
file then <smbconfoption name="log file"/>, you can append
|
|
<emphasis>@PATH</emphasis> to the class, eg <parameter>log level = 1
|
|
full_audit:1@/var/log/audit.log</parameter>.</para>
|
|
|
|
<para>Authentication and authorization audit information is logged
|
|
under the auth_audit, and if Samba was not compiled with
|
|
--without-json, a JSON representation is logged under
|
|
auth_json_audit.</para>
|
|
|
|
<para>Support is comprehensive for all authentication and authorisation
|
|
of user accounts in the Samba Active Directory Domain Controller,
|
|
as well as the implicit authentication in password changes. In
|
|
the file server, NTLM authentication, SMB and RPC authorization is
|
|
covered.</para>
|
|
|
|
<para>Log levels for auth_audit and auth_audit_json are:</para>
|
|
<itemizedlist>
|
|
<listitem><para>2: Authentication Failure</para></listitem>
|
|
<listitem><para>3: Authentication Success</para></listitem>
|
|
<listitem><para>4: Authorization Success</para></listitem>
|
|
<listitem><para>5: Anonymous Authentication and Authorization Success</para></listitem>
|
|
</itemizedlist>
|
|
|
|
<para>Changes to the sam.ldb database are logged
|
|
under the dsdb_audit and a JSON representation is logged under
|
|
dsdb_json_audit.</para>
|
|
|
|
<para>Password changes and Password resets are logged under
|
|
dsdb_password_audit and a JSON representation is logged under the
|
|
dsdb_password_json_audit.</para>
|
|
|
|
<para>Transaction rollbacks and prepare commit failures are logged under
|
|
the dsdb_transaction_audit and a JSON representation is logged under the
|
|
password_json_audit. Logging the transaction details allows the
|
|
identification of password and sam.ldb operations that have been rolled
|
|
back.</para>
|
|
|
|
|
|
</description>
|
|
<value type="default">0</value>
|
|
<value type="example">3 passdb:5 auth:10 winbind:2</value>
|
|
<value type="example">1 full_audit:1@/var/log/audit.log winbind:2</value>
|
|
</samba:parameter>
|