Brad Daniels
Cadet
- Joined
- Jul 5, 2014
- Messages
- 1
My FreeNAS box:
FreeNAS 9.2.1.5
2 ZFS Volumes on 2 HDD in Raid 1, both shared with CIFS
16 GB ECC DDR3-1600 RAM
I'd like to enable some kind of detailed activity logging so I can record what files my users are opening, modifying, deleting, etc. I only need this enabled on one of my volumes.
Every time I add vfs objects = audit or full_audit I get very strange issues on the shares when saving new files. For example, when I try to save a new file to the share from Word or notepad, Windows will give an error that the file already exists. If I create a file with Right Click -> New -> Word Document it says there was an error communicating with the server, then if I click cancel the blank file appears.
While all this is going on, the logs show:
Once I changed the log level to debug it seems that all the crashes are preceeded by the samba command sys_acl_get_fd.
The volume is set to use Windows ACLs. I don't have the best grasp on the whole Samba/Windows ACLs in FreeNAS, so maybe there's something I'm missing there.
As soon as I remove the vfs objects = full_audit line the problem disappears. I've tested out vfs objects = audit as well and the results are the same.
After searching the forums there doesn't seem to be much discussion about audit and full_audit. Has anyone been able to get this feature working?
FreeNAS 9.2.1.5
2 ZFS Volumes on 2 HDD in Raid 1, both shared with CIFS
16 GB ECC DDR3-1600 RAM
I'd like to enable some kind of detailed activity logging so I can record what files my users are opening, modifying, deleting, etc. I only need this enabled on one of my volumes.
Every time I add vfs objects = audit or full_audit I get very strange issues on the shares when saving new files. For example, when I try to save a new file to the share from Word or notepad, Windows will give an error that the file already exists. If I create a file with Right Click -> New -> Word Document it says there was an error communicating with the server, then if I click cancel the blank file appears.
While all this is going on, the logs show:
Code:
Jul 6 01:43:27 kernel: pid 78087 (smbd), uid 1011: exited on signal 6 Jul 6 01:43:27 smbd_audit: username|192.168.46.60|username-zb|sys_acl_get_fd|ok|IT/New Microsoft Word Document (6).docx
Once I changed the log level to debug it seems that all the crashes are preceeded by the samba command sys_acl_get_fd.
The volume is set to use Windows ACLs. I don't have the best grasp on the whole Samba/Windows ACLs in FreeNAS, so maybe there's something I'm missing there.
As soon as I remove the vfs objects = full_audit line the problem disappears. I've tested out vfs objects = audit as well and the results are the same.
After searching the forums there doesn't seem to be much discussion about audit and full_audit. Has anyone been able to get this feature working?
