Mac OS X 10.11.0 (15A204h): Need new method to enable SMB logging
| Originator: | rtrouton | ||
| Number: | rdar://21552114 | Date Originated: | 25-Jun-2015 04:28 PM |
| Status: | Closed | Resolved: | |
| Product: | OS X | Product Version: | Mac OS X 10.11.0 (15A204h) |
| Classification: | Enhancement | Reproducible: | Always |
Summary:
Apple replaced Samba with SMBX for Windows File Sharing services starting in 10.7.x. By default, SMBX doesn't do much logging. If you want to review logs, you have to edit the launchd item.
To enable logging, you need to add the following two extra ProgramArgument keys as shown below:
ProgramArgument keys
-debug
-stdout
computername:~ username$ sudo pico /System/Library/LaunchDaemons/com.apple.smbd.plist
...
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/smbd</string>
<string>-debug</string>
<string>-stdout</string>
</array>
With System Integrity Protection (SIP) in OS X 10.11.x, it may no longer be possible to edit the com.apple.smbd.plist LaunchDaemon without first disabling SIP.
Would it be possible to add another way to enable SMB logging in 10.11, without needing to edit /System/Library/LaunchDaemons/com.apple.smbd.plist?
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!
Apple Developer Relations feedback
Apple Developer Relations30-Jun-2016 05:10 PM
Engineering has the following feedback for you:
Starting in 10.12 (including 16A201w), there is a new way to enable SMB debug logging, without needing to edit com.apple.smbd.plist or disable System Integrity Protection (SIP). We added a server preference called “LogLevel”.
To enable smbd debug logging, set the LogLevel preference to 1 with two commands:
The last command syncs the change to the server (if running). You can ignore “service already loaded” or “No matching processes found” warnings printed out.
Next, use the new “log” command to view debug messages from the SMB server. First you have to set the log mode to “debug”:
Now you can use the “log stream” command to continuously display server debug messages. For example:
Now when you generate SMB activity, such as mounting a share on the server, you will see SMB messages, including debug level. For example:
2016-06-30 03:28:31.132239+0000 0x3272 Debug 0x0 753 smbd: reply_smb2_negotiate: SIGN: security_mode: Enabled: True, Required: True 2016-06-30 03:28:31.133365+0000 0x3273 Debug 0x0 753 smbd: smb2_dispatch_negotiate: Client requires signing. 2016-06-30 03:28:31.247259+0000 0x3273 Default 0x0 753 smbd: Server requires signing, but not auth-bound to Directory Service
See the man page for the log command for more information on how you can examine log messages.
You can use the “log show” command to dump out log messages. For example:
sudo log show --debug --info --predicate 'senderImagePath endswith "smbd"' Filtering the log data using "senderImagePath ENDSWITH "smbd" 2016-06-30 03:28:31.132239+0000 0x3272 Debug 0x0 753 smbd: reply_smb2_negotiate: SIGN: security_mode: Enabled: True, Required: True 2016-06-30 03:28:31.133365+0000 0x3273 Debug 0x0 753 smbd: smb2_dispatch_negotiate: Client requires signing. 2016-06-30 03:28:31.247259+0000 0x3273 Default 0x0 753 smbd: Server requires signing, but not auth-bound to Directory Service
Finally to disable smbd debug logging, set the LogLevel preference back to zero with two commands:
Please provide your response or results by updating your bug report and compress any bundled files (e.g. nested folders) prior to uploading.