I work at an educational institution where our curriculum files are pretty valuable in a sense. We are going to be changing our file server to a different machine. I was testing TrueNAS 12 for the time being. I was able to enable full_audit on some of the shares. Read about VFS modules and tested some out too, changed the path to where I wanted and can see the logs. The problem is that the logs are way too much and way too complicated to read and analyze. I've tried to use "Netwrix" to hook into the system and get reports and notifications from there. It didn't work for some reason. If anyone has any kind of experience to make it work, I'd be delighted to no end.
Here is the question: Is there a plugin/system tutorial to actually get event reports to some kind of platform (preferably Slack notification) when a user deletes, opens, modifies, creates or moves a file in real-time?
I've been trying and searching for a solution for a few days. I'm by no means an expert, but here are my findings:
- Netwrix: Didn't work, couldn't connect or get data from the server, no documentation about BSD support, assumed not compatible.
- GrayLog Plugin: Couldn't make it work, given management address doesn't respond. Tried a few installations, no cigar. Not exactly what I want anyway.
- full_audit: Too much output, too complex to read.
- kqueue: Couldn't find any guide to install it on a Jail.
- ZFS snapshot diff: Method too static to get any real-time stream.
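
One way to reduce full_audit output to the delete, open, modify, create and move events asked about and shape each as a Slack message, given as an added example that is not part of the original post. It assumes `full_audit:prefix = %u|%I` and the operation names in `EVENTS`; the log lines, user names and paths are constructed.

```python
import json
import re
import urllib.request

# Assumptions (not from the post): smb.conf sets full_audit:prefix = %u|%I, so a
# record reads user|ip|operation|ok-or-fail|args; adjust EVENTS to your Samba version.
EVENTS = {"unlinkat": "deleted", "unlink": "deleted", "rmdir": "deleted",
          "renameat": "moved", "rename": "moved", "pwrite": "modified",
          "mkdirat": "created", "mkdir": "created", "open": "opened"}
RECORD = re.compile(r"smbd_audit(?:\[\d+\])?: (.*)$")

def parse_line(line):
    """Return an event dict for a successful operation of interest, else None."""
    m = RECORD.search(line.rstrip("\n"))
    fields = m.group(1).split("|") if m else []  # caveat: "|" in a name also splits
    if len(fields) < 5 or fields[3] != "ok" or fields[2] not in EVENTS:
        return None
    args = fields[4:]
    if fields[2] == "open" and args[0] in ("r", "w"):
        args = args[1:]  # open records carry the access mode before the path
    return {"user": fields[0], "ip": fields[1],
            "event": EVENTS[fields[2]], "paths": args}

def summarize(lines):
    """Drop noise and collapse consecutive duplicates (one pwrite per chunk)."""
    out = []
    for ev in filter(None, map(parse_line, lines)):
        if not out or out[-1] != ev:
            out.append(ev)
    return out

def slack_payload(ev):
    """JSON body for a Slack incoming webhook."""
    text = f"{ev['user']} ({ev['ip']}) {ev['event']} {' -> '.join(ev['paths'])}"
    return json.dumps({"text": text}).encode()

def post_to_slack(webhook_url, ev):
    """Send one event to your own incoming-webhook URL."""
    req = urllib.request.Request(webhook_url, data=slack_payload(ev),
                                 headers={"Content-Type": "application/json"})
    urllib.request.urlopen(req, timeout=5).close()

SAMPLE = [  # constructed log lines, not from a real server
    "Mar  1 10:00:01 nas smbd_audit[911]: alice|10.0.0.5|open|ok|r|/mnt/tank/cur/math.docx",
    "Mar  1 10:00:02 nas smbd_audit[911]: alice|10.0.0.5|pwrite|ok|/mnt/tank/cur/math.docx",
    "Mar  1 10:00:02 nas smbd_audit[911]: alice|10.0.0.5|pwrite|ok|/mnt/tank/cur/math.docx",
    "Mar  1 10:00:03 nas smbd_audit[911]: alice|10.0.0.5|fstat|ok|/mnt/tank/cur/math.docx",
    "Mar  1 10:00:09 nas smbd_audit[912]: bob|10.0.0.9|renameat|ok|/mnt/tank/cur/a.pdf|/mnt/tank/cur/old/a.pdf",
    "Mar  1 10:00:12 nas smbd_audit[912]: bob|10.0.0.9|unlinkat|fail (Permission denied)|/mnt/tank/cur/exam.pdf",
]
```

Feeding the log file to `summarize` line by line as it grows and passing each result to `post_to_slack` gives near-real-time notifications. Listing only the wanted operations in the share's `full_audit:success` setting reduces the volume at the source.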