From 38fe888f95f8d22736080ed521939be932e7bca0 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 16 Apr 2021 10:43:07 +1200
Subject: [PATCH] docs: Expand the "log level" docs on audit logging

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
 docs-xml/smbdotconf/logging/loglevel.xml | 38 ++++++++++++++++++++----
 1 file changed, 33 insertions(+), 5 deletions(-)

diff --git a/docs-xml/smbdotconf/logging/loglevel.xml b/docs-xml/smbdotconf/logging/loglevel.xml
index 6ee9cdceb87..4c6bb5e7e73 100644
--- a/docs-xml/smbdotconf/logging/loglevel.xml
+++ b/docs-xml/smbdotconf/logging/loglevel.xml
@@ -84,25 +84,53 @@
 	<listitem><para>5: Anonymous Authentication and Authorization Success</para></listitem>
     </itemizedlist>
 
-    <para>Changes to the <command moreinfo="none">sam.ldb</command>
+    <para>Changes to the AD DC <command moreinfo="none">sam.ldb</command>
     database are logged under the <parameter>dsdb_audit</parameter>
     and a JSON representation is logged under
     <parameter>dsdb_json_audit</parameter>.</para>
 
-    <para>Group membership changes to the <command
+    <para>Group membership changes to the AD DC <command
     moreinfo="none">sam.ldb</command> database are logged under the
     <parameter>dsdb_group_audit</parameter> and a JSON representation
     is logged under
     <parameter>dsdb_group_json_audit</parameter>.</para>
 
-    <para>Password changes and Password resets are logged under
-    <parameter>dsdb_password_audit</parameter> and a JSON representation is logged under the
-    <parameter>dsdb_password_json_audit</parameter>.</para>
+    <para>Log levels for <parameter>dsdb_audit</parameter>,
+    <parameter>dsdb_json_audit</parameter>,
+    <parameter>dsdb_group_audit</parameter>,
+    <parameter>dsdb_group_json_audit</parameter> and
+    <parameter>dsdb_json_audit</parameter> are:</para>
+    <itemizedlist>
+	<listitem><para>5: Database modifications</para></listitem>
+	<listitem><para>5: Replicated updates from another DC</para></listitem>
+    </itemizedlist>
+
+    <para>Password changes and Password resets in the AD DC are logged
+    under <parameter>dsdb_password_audit</parameter> and a JSON
+    representation is logged under the
+    <parameter>dsdb_password_json_audit</parameter>.  Password changes
+    will also appears as authentication events via
+    <parameter>auth_audit</parameter> and
+    <parameter>auth_audit_json</parameter>.</para>
+
+    <para>Log levels for <parameter>dsdb_password_audit</parameter> and
+    <parameter>dsdb_password_json_audit</parameter> are:</para>
+    <itemizedlist>
+	<listitem><para>5: Successful password changes and resets</para></listitem>
+    </itemizedlist>
 
     <para>Transaction rollbacks and prepare commit failures are logged under
     the <parameter>dsdb_transaction_audit</parameter> and a JSON representation is logged under the
     <parameter>dsdb_transaction_json_audit</parameter>. </para>
 
+    <para>Log levels for <parameter>dsdb_transaction_audit</parameter> and
+    <parameter>dsdb_transaction_json</parameter> are:</para>
+
+    <itemizedlist>
+	<listitem><para>5: Transaction failure (rollback)</para></listitem>
+	<listitem><para>10: Transaction success (commit)</para></listitem>
+    </itemizedlist>
+
     <para>Transaction roll-backs are possible in Samba, and whilst
     they rarely reflect anything more than the failure of an
     individual operation (say due to the add of a conflicting record),
-- 
2.47.3