I'm running a samba DC version 4.14.10. I've configured logging so that * Important messages about the service go to the Journal (level 1) * auth_audit logs in /var/log/samba/auth.log at level 3 * auth_json_audit logs in /var/log/samba/json/auth.log at level 4 This is done with logging = systemd@1 file log level = auth_audit:3@/var/log/samba/auth.log auth_json_audit:4@/var/log/samba/json/auth.log After upgrading to samba 4.15.2, there's no authentication message sent anymore in those log files. Only authorization ones (if level >= 4). Running on Alma Linux 8.5 with samba builds from Tranquil IT (https://samba.tranquil.it/centos8/samba-4.15.2/x86_64/)
Created attachment 17029 [details] Full smb.conf
Created attachment 17030 [details] Sample auth.log on samba 4.14.10 Here's a sample of /var/log/samba/auth.conf when running 4.14.10. After upgrading to 4.15.2, this log has no more entry added (Except if I raise log level from 3 to 4, in which case I do get the authorization messages)
Created attachment 17031 [details] Sample json/auth.log Here's a sample from /var/log/samba/json/auth.log when running 4.14.10. Note : as it's at log level 4, there're both Authentication and Authorization messages. After upgrade to 4.15.2, no more Authentication message, only Authorization ones are added in this file.
Found the Authentication messages, they are sent in /var/log/samba/log.samba (both plain and json) instead of /var/log/samba/auth.log and /var/log/samba/json/auth.log respectively
Not only the Authentication messages, but also all the various dsdb logs are sent to /var/log/samba/log.samba instead of the specified files (like /var/log/samba/json/dsdb.log) The problem can also be reproduced with a much simpler config : - Removing the logging directive (which default to file), so no systemd involved - Replacing log level with just log level = auth_audit:3@/var/log/samba/auth.log Authentication messages still goes to /var/log/samba/log.samba and not /var/log/samba/auth.log
I guess you're just missing the patches from https://bugzilla.samba.org/show_bug.cgi?id=14897. I just tested auth audit logging on a test server and it works just fine. *** This bug has been marked as a duplicate of bug 14897 ***
Just tested 4.15.3, and the problem is still present. In my smb.conf, the only log related directive being log level = auth_audit:3@/var/log/samba/auth.log max log size = 0 Yet authentication messages are sent to /var/log/samba/log.samba instead of /var/log/samba/auth.log
While checking various options to debug this issue (which was still affecting me in 4.15.5), I've found out that adding --log-basename=/var/log/samba to my samba command in the systemd unit is fixing the issue, auth_audit (as well as its json variant and all the dsdb_XXX) are now sent again in the log files specified in my log level directive, and not in /var/log/samba/log.samba anymore.
I'm still investigating but it looks to me that logs are being capped by the global log level, even if they are meant to go to a specific file at a higher level.