lorenzoASR
EDIT: you can find the complete tutorial here https://forums.freenas.org/index.php?threads/tutorial-add-full-logging-on-samba-shares-full_audit-freenas-9-3.13840/
Hi,
this post has been in the "Sharing" section for a week, but no one has helped me, so I decided to move it here!
I am using FreeNAS-8.3.0-RELEASE-x86 (r12701M).
I need to log all activity of my users on a shared resource, and I decided to use the VFS object "full_audit". I used it without problems on Debian in the past, but I'm having some trouble right now!
I added these lines to the configuration of my shared resource, Shared -> CIFS -> MyResourceName -> Auxiliary Parameters:
Code:
vfs objects = full_audit
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod realpath
full_audit:facility = LOCAL5
full_audit:priority = NOTICE
I have also modified my /etc/syslog.conf; this is the interesting part:
Code:
# Consult the syslog.conf(5) manpage.
*.err;kern.warning;auth.notice;mail.crit /dev/console
#*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
local5.=info /mnt/storage1/misc/logs/samba/docs.log
local5.=notice /mnt/storage1/misc/logs/samba/activity.log
local0.notice;local1.notice;local2.notice;local3.notice /var/log/messages
local4.notice;local6.notice;local7.notice /var/log/messages
So I restarted syslogd, and my system created the two files activity.log and docs.log under /mnt/storage1/misc/logs/samba/!
After that I created a network drive, entered the credentials of a couple of authorized users (from a Vista and an XP box), and I was able to browse/modify/create everything I wanted, but when I checked my activity.log file I had a bad surprise:
Code:
Nov 25 19:48:32 freenas smbd_audit: OTTAVIANO\tdei1|192.168.1.146|192.168.1.146|IPC_|connect|ok|IPC$
Nov 25 19:48:50 freenas smbd_audit: OTTAVIANO\tdei1|192.168.1.146|192.168.1.146|IPC_|disconnect|ok|IPC$
Nov 25 19:50:20 freenas smbd_audit: OTTAVIANO\tdei1|192.168.1.146|192.168.1.146|IPC_|connect|ok|IPC$
Nov 25 19:50:37 freenas smbd_audit: OTTAVIANO\tdei1|192.168.1.146|192.168.1.146|IPC_|disconnect|ok|IPC$
Nov 25 19:52:49 freenas smbd_audit: OTTAVIANO\segreteria0|192.168.1.103|postazione3|IPC_|connect|ok|IPC$
Nov 25 19:52:49 freenas smbd_audit: OTTAVIANO\segreteria0|192.168.1.103|postazione3|IPC_|realpath|ok|/tmp
Nov 25 19:52:49 freenas smbd_audit: OTTAVIANO\segreteria0|192.168.1.103|postazione3|IPC_|realpath|ok|/var/tmp
Nov 25 19:52:49 freenas smbd_audit: OTTAVIANO\segreteria0|192.168.1.103|postazione3|IPC_|chdir|ok|chdir|/var/tmp
Those are the only messages that I have found! But I set filters on all operations... I really don't understand what could be causing this problem!
I've done another test: I disabled Active Directory to check whether it was the problem with auditing, but that didn't solve it!
This is my full_audit log after an authentication from Windows XP with a local user added directly on FreeNAS!
Code:
Nov 27 16:57:13 freenas last message repeated 5 times
Nov 27 16:57:13 freenas smbd_audit: lorenzo|192.168.1.131|IPC_|disconnect|ok|IPC$
Nov 27 16:57:13 freenas smbd_audit: lorenzo|192.168.1.131|IPC_|chdir|ok|chdir|/
Nov 27 16:57:35 freenas smbd_audit: lorenzo|192.168.1.131|IPC_|connect|ok|IPC$
Nov 27 16:57:35 freenas smbd_audit: lorenzo|192.168.1.131|IPC_|realpath|ok|/tmp
Nov 27 16:57:35 freenas smbd_audit: lorenzo|192.168.1.131|IPC_|realpath|ok|/var/tmp
Nov 27 16:57:35 freenas smbd_audit: lorenzo|192.168.1.131|IPC_|chdir|ok|chdir|/var/tmp
Nov 27 16:57:49 freenas last message repeated 2 times
Nov 27 16:57:49 freenas smbd_audit: lorenzo|192.168.1.131|IPC_|disconnect|ok|IPC$
Nov 27 16:57:49 freenas smbd_audit: lorenzo|192.168.1.131|IPC_|chdir|ok|chdir|/
The problem is the same... Samba doesn't seem to see the directory that I'm exploring, nor the files that I've created/modified/deleted!!
I hope that some FreeNAS developer can help me, because I've searched the net for "FreeNAS+full_audit" but there is nothing about it!
Thanks in advance to anyone who will help me! I really want to continue using FreeNAS, but without this feature maybe I will try some other OS!
Thanks in advance
Lorenzo
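A diagnostic for the symptom described in this post, as an added example that is not part of the original post: it parses smbd_audit records whatever number of fields full_audit:prefix produced and tallies operations per share, so a log that contains only IPC_ records stands out at once. The function names are hypothetical, and the sample embeds lines from the post plus one constructed `docs` line.

```python
import re
from collections import Counter

# Lines copied from the post's log excerpts; the last line ("docs" share) is
# constructed here to show what audited file activity would look like.
SAMPLE = r"""Nov 25 19:52:49 freenas smbd_audit: OTTAVIANO\segreteria0|192.168.1.103|postazione3|IPC_|connect|ok|IPC$
Nov 25 19:52:49 freenas smbd_audit: OTTAVIANO\segreteria0|192.168.1.103|postazione3|IPC_|chdir|ok|chdir|/var/tmp
Nov 27 16:57:13 freenas last message repeated 5 times
Nov 27 16:57:35 freenas smbd_audit: lorenzo|192.168.1.131|IPC_|realpath|ok|/tmp
Nov 27 16:57:49 freenas smbd_audit: lorenzo|192.168.1.131|IPC_|disconnect|ok|IPC$
Nov 27 16:58:02 freenas smbd_audit: lorenzo|192.168.1.131|docs|open|fail (Permission denied)|r|report.odt"""

AUDIT_RE = re.compile(r"smbd_audit: (.*)$")
REPEAT_RE = re.compile(r"last message repeated (\d+) times$")

def parse(line):
    """Return one smbd_audit record as a dict, or None for other syslog lines."""
    m = AUDIT_RE.search(line)
    if not m:
        return None
    fields = m.group(1).split("|")
    # Records are prefix|operation|result|args. The prefix width depends on
    # full_audit:prefix (3 or 4 fields in the post), so find the result field.
    for i, f in enumerate(fields):
        if i >= 2 and (f == "ok" or f.startswith("fail (")):
            return {"user": fields[0], "share": fields[i - 2], "op": fields[i - 1],
                    "ok": f == "ok", "args": fields[i + 1:]}
    return None

def summarize(text):
    """Tally operations per share and count syslogd-suppressed repeats."""
    per_share, repeated = {}, 0
    for line in text.splitlines():
        rep = REPEAT_RE.search(line)
        rec = parse(line)
        if rep:
            repeated += int(rep.group(1))
        elif rec:
            per_share.setdefault(rec["share"], Counter())[rec["op"]] += 1
    return per_share, repeated

def data_shares(per_share):
    """Shares other than the IPC$ pseudo-share (logged as IPC_ in the post)."""
    return sorted(s for s in per_share if s not in ("IPC_", "IPC$"))

if __name__ == "__main__":
    shares, repeated = summarize(SAMPLE)
    print({s: dict(ops) for s, ops in shares.items()})
    print("suppressed repeats:", repeated, "| data shares:", data_shares(shares))
```

Run against only the lines posted above, `data_shares` returns an empty list: every record in both excerpts belongs to IPC_.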