Huseyin Yanardag
Cadet
- Joined
- Jan 30, 2015
- Messages
- 3
Hello there,
I have migrated from FreeNAS 11.1-U7 to TrueNAS 12.0-U3.1 but smb full_auditing not working.
I have applied these settings;
1. Edit the file "/conf/base/etc/local/syslog-ng.conf.freenas" and add:
#
# samba activity logs
#
#
destination m_samba_audit { file("/var/log/samba4/activity.log"); };
log { source(src); filter(f_local5);destination(m_samba_audit); flags(final); };
2. Add the following lines in aux parameters in cifs service: (on web-gui , which share you want to audit)
full_audit:prefix = %u|%I|%m|%S
full_audit:failure = connect
full_audit:success = rename unlink link rmdir mkdir write pwrite
full_audit:facility = LOCAL5
full_audit:priority = NOTICE
3. Add in Samba sharing the "full_audit" in VFS Objects
4. For the logs rotation add in “/conf/base/etc/newsyslog.conf”(Example to keep logs for two years):
/var/log/samba4/activity.log 640 720 * @T00 JC
Now you can see the logs auditing in "/var/log/samba4/activity.log".
But i get an error like this;
[2021/06/01 14:08:44.160889, 0] ../../source3/modules/vfs_full_audit.c:774(smb_full_audit_connect)
smb_full_audit_connect: Invalid auditing configuration. Denying access to service [SHARES] at path [/mnt/volume1/shares]
[2021/06/01 14:08:44.160918, 1] ../../source3/smbd/service.c:682(make_connection_snum)
make_connection_snum: SMB_VFS_CONNECT for service 'SHARES' at '/mnt/volume1/shares' failed: Permission denied
I have migrated from FreeNAS 11.1-U7 to TrueNAS 12.0-U3.1 but smb full_auditing not working.
I have applied these settings;
1. Edit the file "/conf/base/etc/local/syslog-ng.conf.freenas" and add:
#
# samba activity logs
#
#
destination m_samba_audit { file("/var/log/samba4/activity.log"); };
log { source(src); filter(f_local5);destination(m_samba_audit); flags(final); };
2. Add the following lines in aux parameters in cifs service: (on web-gui , which share you want to audit)
full_audit:prefix = %u|%I|%m|%S
full_audit:failure = connect
full_audit:success = rename unlink link rmdir mkdir write pwrite
full_audit:facility = LOCAL5
full_audit:priority = NOTICE
3. Add in Samba sharing the "full_audit" in VFS Objects
4. For the logs rotation add in “/conf/base/etc/newsyslog.conf”(Example to keep logs for two years):
/var/log/samba4/activity.log 640 720 * @T00 JC
Now you can see the logs auditing in "/var/log/samba4/activity.log".
But i get an error like this;
[2021/06/01 14:08:44.160889, 0] ../../source3/modules/vfs_full_audit.c:774(smb_full_audit_connect)
smb_full_audit_connect: Invalid auditing configuration. Denying access to service [SHARES] at path [/mnt/volume1/shares]
[2021/06/01 14:08:44.160918, 1] ../../source3/smbd/service.c:682(make_connection_snum)
make_connection_snum: SMB_VFS_CONNECT for service 'SHARES' at '/mnt/volume1/shares' failed: Permission denied