Hi Friends!
So, it has been reported that users are getting intermittent issues with permissions. Of course, what I have from the end user is: "Our process ran and after 5 days it failed to read a file with a permission error"
We are a GIS firm and to process map data can sometime take hours to weeks. If at any point a disconnect for any reason occurs, the process needs to start all over again.
I have been reading into setting up logging on the SMB service to be able to find out who is doing what and when so that the next time they bring up an issue I will be able to see what the log says for that time frame.
Here is the issue, all the tutorials on this forum for for setting up vfs_objects of audit or full_audit for version 9 or under. It appears to me that simply turning on logging:normal in the SMB service writes items like this to the /var/log/samba4/log.smbd file:
[2018/07/26 19:24:30.533964, 2] ../source3/smbd/close.c:789(close_normal_file)
DOMAIN\USER closed file file.ext (numopen=27) NT_STATUS_OK
Just watching the log.smbd file for the last 30 minutes, it is already getting quite big as we have alot of users that are active 24/7. I cannot for the life of me find how to redirect or change the directory of the log.smbd file. Again there is ample tutorials for the full_audit method of setting up SMB logging.
Should I not be using the logging=normal in the SMB service and go the vfs_objects full_audit route with 11.1u5?
Does anyone have any other tip or instructions to get the best log to see user file access and if there is any authentication issue or connection drop?
Thanks in advance.
So, it has been reported that users are getting intermittent issues with permissions. Of course, what I have from the end user is: "Our process ran and after 5 days it failed to read a file with a permission error"
We are a GIS firm and to process map data can sometime take hours to weeks. If at any point a disconnect for any reason occurs, the process needs to start all over again.
I have been reading into setting up logging on the SMB service to be able to find out who is doing what and when so that the next time they bring up an issue I will be able to see what the log says for that time frame.
Here is the issue, all the tutorials on this forum for for setting up vfs_objects of audit or full_audit for version 9 or under. It appears to me that simply turning on logging:normal in the SMB service writes items like this to the /var/log/samba4/log.smbd file:
[2018/07/26 19:24:30.533964, 2] ../source3/smbd/close.c:789(close_normal_file)
DOMAIN\USER closed file file.ext (numopen=27) NT_STATUS_OK
Just watching the log.smbd file for the last 30 minutes, it is already getting quite big as we have alot of users that are active 24/7. I cannot for the life of me find how to redirect or change the directory of the log.smbd file. Again there is ample tutorials for the full_audit method of setting up SMB logging.
Should I not be using the logging=normal in the SMB service and go the vfs_objects full_audit route with 11.1u5?
Does anyone have any other tip or instructions to get the best log to see user file access and if there is any authentication issue or connection drop?
Thanks in advance.