Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

[TUTORIAL] ADD FULL LOGGING ON SAMBA SHARES (FULL_AUDIT) - FreeNAS <=9.3

Western Digital Drives - The Preferred Drives of FreeNAS and TrueNAS CORE
Status
Not open for further replies.

mykolaq

Member
Joined
Apr 10, 2014
Messages
61
Hello! Thank you for istruction:) is it ok that in samba_activity.log info about connections? something like this
Code:
Jan 23 17:38:39 storsrv snmpd[3760]: Connection from UDP: [192.168.3.171]:57036->[192.168.3.221]:161
Jan 23 17:38:39 storsrv snmpd[3760]: Connection from UDP: [192.168.3.171]:50948->[192.168.3.221]:161

How can i configure, that only info about audit (open, mkdir, rmdir, unlink, write, rename, chmod, chown, for example) writes. For example, like this
Code:
[root@storsrv] /mnt/MainData/auditlogs# cat samba_activity.log | grep smbd_audit | grep test.txt Jan 23 16:30:37 storsrv smbd_audit: contoso\admin|192.168.3.6|192.168.3.6|Stuff|rename|ok|Новый текстовый документ.txt|test.txt
Jan 23 16:30:53 storsrv smbd_audit: contoso\admin|192.168.3.6|192.168.3.6|Stuff|unlink|ok|test.txt
 

Nikoz

Newbie
Joined
Feb 24, 2017
Messages
1
Hi all, could you please explain for the ordinary mortals what involves the step - 2) Edit /conf/base/etc/syslog.conf and add the chars in RED!

Regards
 

mykolaq

Member
Joined
Apr 10, 2014
Messages
61
Hello! I have noticed that syslog-ng configuration strings for audit are deletting anytime after update, are there any ways to prevent it? it's not comfortable
 

tokensolution

Neophyte
Joined
Apr 26, 2018
Messages
6
Is the moving of logs to share storage section still applicable for v11? And like Nikoz mentions, this mere mortal needs help (color red seems to be stripped from OPs tutorial). In addition to OPs guide, it looks like I needed to use the drop-down in the services>logging, set to "normal" to start getting logs in var/log/samba4/log.smbd that showed user activity of viewing/closing a file.
 
Last edited:
Status
Not open for further replies.
Top