Samba
Samba collects and normalizes Samba events and enables you to analyze its data.
Package Details
Samba consists of the following components:
-
-
Compiled Normalizer
-
SambaCompiledNormalizer
-
-
Normalization Package
-
LP_Samba
-
-
Log Source Template
-
Samba
-
-
Compiled Normalizer
Enhancement
| Description | Issue ID | Reference ID |
|---|---|---|
| You can now use SambaCompiledNormalizer to normalize Samba authentication and audit logs. | PLUG-15967 | 86887 |
Past Releases
Samba v5.0.0
|
Fields |
Details |
|---|---|
|
Name |
Samba |
|
Version |
5.0.0 |
|
Supported On |
LogPoint v6.0.0 and later |
|
Release Date |
2020-05-14 |
| Document Date |
2020-05-14 |
| Download | |
| SHA256 |
4ccbe64bf953c84c7172df1c1a3c360c1cd9b3cafb86a459a19ceeaf2d948059 |
Package Detail
The application consist of the following component:
-
Normalization Package
- LP_Samba
Enhancement
A minor update has been done in the application’s normalizer for better signature handling.
General Description
The Samba application normalizes Samba events and enables you to analyze Samba data. You can further customize the searches to perform in-depth analysis.
Installation
Follow these steps to install the Samba v5.0.0 plugin:
- Download the Samba package from the Download section above.
- Add the required device in LogPoint.
- Create a collection policy with the Syslog collector and an appropriate processing policy.
- Assign the policy to the device.
Supported Version
The supported versions of Samba with LogPoint in this configuration are:
- Samba v3.x, v4.x
Log Format
Expected Log Format
- Samba Format
Log Sample
[2002/07/21 13:23:25, 3] smbd/service.c:close_cnum(514) maya (1.16.1.6) closed connection to service IPC$
To export data to LogPoint use Syslog collector on port 514 on the LogPoint server.
Comments
Article is closed for comments.