Updated SMB/CIF auditing instructions for v11

Status
Not open for further replies.
J

JohnL7

Dabbler
Joined
May 7, 2018
Messages
17
I found the following threads here on the forum but they are all stale and for older versions of FreeNAS:

https://forums.freenas.org/index.php?threads/freenas-samba-full_audit-log-user-activity.10007/
https://forums.freenas.org/index.ph...on-samba-shares-full_audit-freenas-9-3.13840/
https://forums.freenas.org/index.ph...rs-activity-with-full_audit-vfs-object.10076/

I was looking at getting updated instructions that work with version 11.1 so I can get this setup. Does anyone have updated instructions as when I tried to get this working nothing appears to be logging the way the sample outputs are shown in the thread.

Thanks in advance!
 
Johnny Fartpants

Johnny Fartpants

Guru
Joined
Jul 3, 2015
Messages
926
I add this to my Auxiliary Parameters field in Services, SMB:

Code:
full_audit:prefix = %u|%I|%m|%S
full_audit:priority = notice
full_audit:failure = connect
full_audit:success = open mkdir unlink rmdir rename


and then on the Share itself add the VFS Object full_audit
 
J

JohnL7

Dabbler
Joined
May 7, 2018
Messages
17
Johnny Fartpants said:
I add this to my Auxiliary Parameters field in Services, SMB:

Code:
full_audit:prefix = %u|%I|%m|%S
full_audit:priority = notice
full_audit:failure = connect
full_audit:success = open mkdir unlink rmdir rename


and then on the Share itself add the VFS Object full_audit
Click to expand...


Did you need to restart any services? Reboot the entire box? I also wanted to confirm that this just modifies the entries being sent to the messages log and not anywhere else correct?
 
F

frouty

Dabbler
Joined
May 24, 2017
Messages
26
Hi,
@Johnny Fartpants I made what you write :
- auxiliary parameters for service samba,
- full_audit in a share dataset
- restart the SMB service.

And from an other linux machine client did a : smbclient //ip_freenas/a_share_dataset.
I connect , I can
smb: \> mkdir test5 # to try

I look in log in freenas : tail -f /var/log/samba4/log.smbd , nmbd and others but nothing happens.

What did I miss?
Thanks
FreeNAS-11.2-RC2
 
Johnny Fartpants

Johnny Fartpants

Guru
Joined
Jul 3, 2015
Messages
926
/var/log/messages
 
F

frouty

Dabbler
Joined
May 24, 2017
Messages
26
OK thanks

I add
log level = 3 passdb:5 auth:5 <------ pour augmenter la verbosité des logs.
in the /usr/local/etc/smb4.conf [global]
And I got enough info to fix my problem.

Is it more interesting to use the full-audit auxiliary parameters?
 
Status
Not open for further replies.

Similar threads

I
SMB enabling Auditing-Third-party
Replies
4
Views
6K
Hellrazorx
H
C
SMB audit tutorial
Replies
0
Views
1K
cdndude
C
D
  • Locked
[inquiry]User activity log
Replies
2
Views
2K
decromel
D
B
  • Locked
freenas 9.10 users activity with full_audit problem
Replies
3
Views
1K
Nick2253
Nick2253
L
  • Locked
[SOLVED] freenas 8.3.0 log users activity with full_audit VFS object
Replies
6
Views
8K
lorenzoASR
L
Top