[TUTORIAL] ADD FULL LOGGING ON SAMBA SHARES (FULL_AUDIT) - FreeNAS <=9.3

Status
Not open for further replies.

mykolaq

Explorer
Joined
Apr 10, 2014
Messages
61
Hello! Thank you for istruction:) is it ok that in samba_activity.log info about connections? something like this
Code:
Jan 23 17:38:39 storsrv snmpd[3760]: Connection from UDP: [192.168.3.171]:57036->[192.168.3.221]:161
Jan 23 17:38:39 storsrv snmpd[3760]: Connection from UDP: [192.168.3.171]:50948->[192.168.3.221]:161

How can i configure, that only info about audit (open, mkdir, rmdir, unlink, write, rename, chmod, chown, for example) writes. For example, like this
Code:
[root@storsrv] /mnt/MainData/auditlogs# cat samba_activity.log | grep smbd_audit | grep test.txt Jan 23 16:30:37 storsrv smbd_audit: contoso\admin|192.168.3.6|192.168.3.6|Stuff|rename|ok|Новый текстовый документ.txt|test.txt
Jan 23 16:30:53 storsrv smbd_audit: contoso\admin|192.168.3.6|192.168.3.6|Stuff|unlink|ok|test.txt
 

Nikoz

Cadet
Joined
Feb 24, 2017
Messages
1
Hi all, could you please explain for the ordinary mortals what involves the step - 2) Edit /conf/base/etc/syslog.conf and add the chars in RED!

Regards
 

mykolaq

Explorer
Joined
Apr 10, 2014
Messages
61
Hello! I have noticed that syslog-ng configuration strings for audit are deletting anytime after update, are there any ways to prevent it? it's not comfortable
 
Joined
Apr 26, 2018
Messages
7
Is the moving of logs to share storage section still applicable for v11? And like Nikoz mentions, this mere mortal needs help (color red seems to be stripped from OPs tutorial). In addition to OPs guide, it looks like I needed to use the drop-down in the services>logging, set to "normal" to start getting logs in var/log/samba4/log.smbd that showed user activity of viewing/closing a file.
 
Last edited:
Status
Not open for further replies.
Top