Advanced Settings

Advanced Settings provides configuration options for the console, syslog, kernel, sysctl, replication, cron jobs, init/shutdown scripts, system dataset pool, isolated GPU device(s), self-encrypting drives, system access sessions, allowed IP addresses, audit logging, and global two-factor authentication.

This article provides information on sysctl, system dataset pool, setting the maximum number of simultaneous replication tasks the system can perform, and managing sessions.

The Audit widget displays the current audit storage and retention policy settings. The public-facing API allows querying audit records, exporting audit reports, and configuring audit dataset settings and retention periods.

The Audit configuration screen sets the retention period, reservation size, quota size and percentage of used space in the audit dataset that triggers warning and critical alerts.

Audit Settings

Settings	Description
Retention (in days)	Enter the number of days to retain local audit messages.
Reservation (in GiB)	Enter the size (in GiB) of reserved space to allocate on the ZFS dataset where the audit databases are stored. The reservation specifies the minimum amount of space guaranteed to the dataset, and counts against the space available for other datasets in the zpool where the audit dataset is located. To disable, enter zero (0).
Quota (in GiB)	Enter the size (in GiB) of the maximum amount of space that can be consumed by the dataset where the audit databases are stored. To disable, enter zero (0).
Quota Fill Warning (in %)	Enter a percentage threshold. TrueNAS generates a warning level alert when the dataset quota reaches that capacity used. Allowed range: 5 - 80.
Quota Fill Critical (in %)	Enter a percentage threshold. TrueNAS generates a critical level alert when the dataset quota reaches that capacity used. Allowed range: 50 - 95.

Click Configure to open the Audit configuration screen and manage storage and retention policies

Use Add on the Sysctl widget to add a tunable that configures a kernel module parameter at runtime.

The Add Sysctl or Edit Sysctl configuration screens display the settings.

Enter the sysctl variable name in Variable. Sysctl tunables configure kernel module parameters while the system runs and generally take effect immediately.

Enter a sysctl value for the loader in Value.

Enter a description and then select Enabled. To disable but not delete the variable, clear the Enabled checkbox.

Click Save.

Storage widget displays the pool configured as the system dataset pool and allows users to select the storage pool they want to hold the system dataset. The system dataset stores core files for debugging and keys for encrypted pools. It also stores Samba4 metadata, such as the user and group cache and share-level permissions.

Configure opens the Storage Settings configuration screen.

If the system has one pool, TrueNAS configures that pool as the system dataset pool. If your system has more than one pool, you can set the system dataset pool using the Select Pool dropdown. Users can move the system dataset to an unencrypted pool, or an encrypted pool without passphrases.

Users can move the system dataset to a key-encrypted pool, but cannot change the pool encryption type afterward. If the encrypted pool already has a passphrase set, you cannot move the system dataset to that pool.

The Replication widget displays the number of replication tasks that can execute simultaneously on the system. It allows users to adjust the maximum number of replication tasks the system can execute simultaneously.

Click Configure to open the Replication configuration screen.

Enter a number for the maximum number of simultaneous replication tasks you want to allow the system to process and click Save.

Use the System > Advanced Settings screen Allowed IP Addresses configuration screen to restrict access to the TrueNAS web UI and API.

Entering an IP address limits access to the system to only the address(es) entered here. To allow unrestricted access to all IP addresses, leave this list empty.

The Access widget displays a list of all active sessions, including the user who initiated the session and what time it started, the Session Timeout setting for your current session, and the UI Login Banner. It allows administrators to manage other active sessions and to configure the session timeout for their account.

The Terminate Other Sessions button ends all sessions except for the one you are currently using. You can also end individual sessions by clicking the logout button next to that session. You must check a confirmation box before the system allows you to end sessions.

The logout icon is inactive for the currently logged in administrator session and active for any other current sessions. It cannot be used to terminate the currently logged in active administrator session.

Session Timeout displays the configured token duration for the current session (default five minutes). TrueNAS logs out user sessions that are inactive for longer than that configured token setting for the user. New activity resets the token counter.

If the configured session timeout is exceeded, TrueNAS displays a Logout dialog with the exceeded ticket lifetime value and the time that the session is scheduled to terminate.

Click Extend Session to reset the token counter. If the button is not clicked, the TrueNAS terminates the session automatically and returns to the log in screen.\

Login Banner displays the custom text that TrueNAS displays before the login screen, if configured.

Click Configure to open the Access Settings screen and configure Session Timeout or Login Banner.

Select a value that fits user needs and security requirements. Enter the value in seconds.

The default session timeout setting is 300 seconds, or five minutes.

The minimum value allowed is 30 seconds and the maximum is 2147482 seconds, or 20 hours, 31 minutes, and 22 seconds.

Click Save.