[Pkg-samba-maint] why not log to syslog by default?

Tom Metro tmetro+debianbugs at vl.com
Sun Jul 15 19:28:30 UTC 2007 

After looking into a problem with logwatch not handling debug messages 
from smaba, I started this thread on the logwatch-devel list:

http://www.nabble.com/samba-Unmatched-Entries-tf4063770.html

And in short, I'm wondered why samba was configured by default in the 
Debian package to log to its debug logs instead of to syslog.

Before I file a bug on this, I figured I'd gather some background 
information to see if there are good justifications for this behavior 
that will just lead to the bug being tagged WONTFIX.

I see in Bug #50983:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=50983
Eloy Paris <eparis at andrew.cmu.edu> wrote:

   Somebody wanted to have syslog support in Samba so I added it by
   compiling Samba with syslog support. I agree these debug messages
   should not appear in the syslog, but they will disappear if the you
   set "syslog = 0" in the global section of your smb.conf file. I added
   this parameter to the sample smb.conf...

   Anyway, I'll try to get the upstream source to change the default of
   the "syslog" parameter to 0 (it is currently 1 so this crap gets
   logged through syslog).

   Alternatively, you can also decrease Samba's debug level to 0 (debug
   level = 0 in smb.conf). That way Samba will only log important
   messages and not debug information like the one you got.

Suggesting that syslog logging was reluctantly enabled in the binary, 
but (partially) disabled by the default config.

This comment also implies that the "log level" directive impacts what is 
logged to syslog, yet the man page gives the impression that "log level" 
controls the logging to the "debug logs", while the "syslog" directive 
independently controls what is logged to syslog:

   debuglevel
    This parameter is a synonym for log level.

   log level (G)
    The value of the parameter (a astring) allows the debug level (log-
    ging level) to be specified in the smb.conf file.
    ...
    The default will be the log level specified on the command line or
    level zero if none was specified.

    No default

   ...

   syslog (G)
    This parameter maps how Samba debug messages are logged onto the sys-
    tem syslog logging levels. Samba debug level zero maps onto syslog
    LOG_ERR, debug level one maps onto LOG_WARNING, debug level two maps
    onto LOG_NOTICE, debug level three maps onto LOG_INFO. All higher
    levels are mapped to LOG_DEBUG.

    This parameter sets the threshold for sending messages to syslog.
    Only messages with debug level less than this value will be sent to
    syslog.

    Default: syslog = 1

But I can also see how these two might be chained together, with "log 
level" controlling the overall logging level, and "syslog" controlling 
the threshold of what gets sent to syslog. But if this is the case, the 
documentation to "syslog" should reference its dependency on "log level".


Quoting from /usr/share/samba/smb.conf:
> #### Debugging/Accounting ####
> 
> # This tells Samba to use a separate log file for each machine
> # that connects
>    log file = /var/log/samba/log.%m

If you change this, it also impacts the location and naming of the 
log.smbd and log.nmbd files, which I wouldn't expect based on the above 
comment.


> # Put a capping on the size of the log files (in Kb).
>    max log size = 1000

Does this end up "competing" with the logrotate.d/samba settings? Does 
this directive not apply to log.smbd and log.nmbd?

The logrotate config ignores the client debug logs, even though this 
sample smb.conf triggers samba to create them. That seems inconsistent. 
Is it assumed that the "main" logs will get rotated by logrotate, while 
the debug client logs will get truncated at 1000 KB by samba?


> # If you want Samba to only log through syslog then set the following
> # parameter to 'yes'.
> ;   syslog only = no
> 
> # We want Samba to log a minimum amount of information to syslog. Everything
> # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
> # through syslog you should set the following parameter to something higher.
>    syslog = 0

This makes it clear that informational messages won't get sent to syslog
by default, but it is a bit vague when it comes to error/critical
messages, which perhaps are still being directed to syslog.

The man page says, "Samba debug level zero maps onto syslog LOG_ERR," 
which implies that error will still get logged, even when "log level = 
0" and "syslog = 0". (Assuming "log level = 0" doesn't squelch error 
messages.)


In any case, I think the default configuration for samba should match 
that of other daemons, which would be to log to syslog only, and at the 
LOG_WARNING level.

log level = 1
syslog only = yes
syslog = 1

The sample configuration should include commented out lines with 
comments on how to enable the debug logs, and boost the log level, so a 
user debugging a problem can easily do so.

  -Tom

More information about the Pkg-samba-maint mailing list