diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2021-04-16 10:43:07 +1200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2021-04-21 09:15:35 +0000 |
| commit | 38fe888f95f8d22736080ed521939be932e7bca0 (patch) | |
| tree | 75fc3c72d118821400f6c17bccb8e98425ea6343 /docs-xml | |
| parent | d03e7ffcff32452bb92f2ced9f06cbeab9843e04 (diff) | |
| download | samba-38fe888f95f8d22736080ed521939be932e7bca0.tar.gz | |
docs: Expand the "log level" docs on audit logging
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'docs-xml')
| -rw-r--r-- | docs-xml/smbdotconf/logging/loglevel.xml | 38 |
1 files changed, 33 insertions, 5 deletions
diff --git a/docs-xml/smbdotconf/logging/loglevel.xml b/docs-xml/smbdotconf/logging/loglevel.xml index 6ee9cdceb87..4c6bb5e7e73 100644 --- a/docs-xml/smbdotconf/logging/loglevel.xml +++ b/docs-xml/smbdotconf/logging/loglevel.xml @@ -84,25 +84,53 @@ <listitem><para>5: Anonymous Authentication and Authorization Success</para></listitem> </itemizedlist> - <para>Changes to the <command moreinfo="none">sam.ldb</command> + <para>Changes to the AD DC <command moreinfo="none">sam.ldb</command> database are logged under the <parameter>dsdb_audit</parameter> and a JSON representation is logged under <parameter>dsdb_json_audit</parameter>.</para> - <para>Group membership changes to the <command + <para>Group membership changes to the AD DC <command moreinfo="none">sam.ldb</command> database are logged under the <parameter>dsdb_group_audit</parameter> and a JSON representation is logged under <parameter>dsdb_group_json_audit</parameter>.</para> - <para>Password changes and Password resets are logged under - <parameter>dsdb_password_audit</parameter> and a JSON representation is logged under the - <parameter>dsdb_password_json_audit</parameter>.</para> + <para>Log levels for <parameter>dsdb_audit</parameter>, + <parameter>dsdb_json_audit</parameter>, + <parameter>dsdb_group_audit</parameter>, + <parameter>dsdb_group_json_audit</parameter> and + <parameter>dsdb_json_audit</parameter> are:</para> + <itemizedlist> + <listitem><para>5: Database modifications</para></listitem> + <listitem><para>5: Replicated updates from another DC</para></listitem> + </itemizedlist> + + <para>Password changes and Password resets in the AD DC are logged + under <parameter>dsdb_password_audit</parameter> and a JSON + representation is logged under the + <parameter>dsdb_password_json_audit</parameter>. Password changes + will also appears as authentication events via + <parameter>auth_audit</parameter> and + <parameter>auth_audit_json</parameter>.</para> + + <para>Log levels for <parameter>dsdb_password_audit</parameter> and + <parameter>dsdb_password_json_audit</parameter> are:</para> + <itemizedlist> + <listitem><para>5: Successful password changes and resets</para></listitem> + </itemizedlist> <para>Transaction rollbacks and prepare commit failures are logged under the <parameter>dsdb_transaction_audit</parameter> and a JSON representation is logged under the <parameter>dsdb_transaction_json_audit</parameter>. </para> + <para>Log levels for <parameter>dsdb_transaction_audit</parameter> and + <parameter>dsdb_transaction_json</parameter> are:</para> + + <itemizedlist> + <listitem><para>5: Transaction failure (rollback)</para></listitem> + <listitem><para>10: Transaction success (commit)</para></listitem> + </itemizedlist> + <para>Transaction roll-backs are possible in Samba, and whilst they rarely reflect anything more than the failure of an individual operation (say due to the add of a conflicting record), |