From 39e6608304627f75eaa5d450f9a2865731d89a72 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Thu, 14 Jan 2021 20:00:07 +0100
Subject: [PATCH] Update to 2021-01-14 20:00

---
 roles/samba/defaults/main.yml         | 13 ++++++++-----
 roles/samba/tasks/conf.yml            |  3 +++
 roles/samba/tasks/directory.yml       |  4 ++++
 roles/samba/templates/filebeat.yml.j2 |  2 +-
 roles/samba/templates/smb.conf.j2     |  3 +++
 5 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/roles/samba/defaults/main.yml b/roles/samba/defaults/main.yml
index 33c5f64..e8b25a5 100644
--- a/roles/samba/defaults/main.yml
+++ b/roles/samba/defaults/main.yml
@@ -17,11 +17,14 @@ samba_role: member
 # log level directive in smb.conf
 samba_log_level: >
   1
-  auth_audit:3
-  auth_json_audit:4@/var/log/samba/audit_auth.log
-  dsdb_json_audit:4@/var/log/samba/audit_dsdb.log
-  dsdb_password_json_audit:4@/var/log/samba/audit_dsdb_password.log
-  dsdb_transaction_json_audit:4@/var/log/samba/audit_dsdb_transaction.log
+  auth_audit:3@/var/log/samba/auth.log
+  auth_json_audit:4@/var/log/samba/json/auth.log
+  dsdb_json_audit:4@/var/log/samba/json/dsdb.log
+  dsdb_password_json_audit:4@/var/log/samba/json/dsdb_password.log
+  dsdb_transaction_json_audit:4@/var/log/samba/json/dsdb_transaction.log
+  dns:3@/var/log/samba/dns.log
+  kerberos:2@/var/log/samba/kerberos.log
+  ldb:2@/var/log/samba/ldb.log
 
 samba_serve_homes: False
 
diff --git a/roles/samba/tasks/conf.yml b/roles/samba/tasks/conf.yml
index 7771769..19b1cff 100644
--- a/roles/samba/tasks/conf.yml
+++ b/roles/samba/tasks/conf.yml
@@ -188,3 +188,6 @@
       dest: /etc/backup/post.d/samba.sh
   tags: samba
 
+- name: Deploy logrotate configuration
+  template: src=logrotate.conf.j2 dest=/etc/logrotate.d/samba
+  tags: samba
diff --git a/roles/samba/tasks/directory.yml b/roles/samba/tasks/directory.yml
index 9e60125..e18f5d1 100644
--- a/roles/samba/tasks/directory.yml
+++ b/roles/samba/tasks/directory.yml
@@ -16,3 +16,7 @@
   file: path=/etc/samba/smb.conf.d/ state=directory
   tags: samba
 
+- name: Create JSON log dir
+  file: path=/var/log/samba/json state=directory
+  tags: samba
+
diff --git a/roles/samba/templates/filebeat.yml.j2 b/roles/samba/templates/filebeat.yml.j2
index 9651ce8..a83f318 100644
--- a/roles/samba/templates/filebeat.yml.j2
+++ b/roles/samba/templates/filebeat.yml.j2
@@ -1,7 +1,7 @@
 - type: log
   enabled: True
   paths:
-    - /var/log/samba/audit_*.log
+    - /var/log/samba/json/*.log
   exclude_files:
     - '\.[gx]z$'
     - '\.\d+$'
diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2
index 3a13463..59bdcb9 100644
--- a/roles/samba/templates/smb.conf.j2
+++ b/roles/samba/templates/smb.conf.j2
@@ -33,6 +33,9 @@
   server max protocol = {{ samba_max_protocol }}
 {% endif %}
 
+  # Log rotation is handled by logrotate
+  max log size = 0
+
 {% if samba_role == 'dc' or samba_role == 'rodc' %}
   tls dh params file = tls/dhparam.pem
 {% if samba_tls_cert is defined and samba_tls_key is defined %}