NethServer Version: 7RC1 Module: File server - Samba audit
Hi guys,
I have the following situation: nothing is shown in Reports -> Samba audit window, even there are records in Administration -> Log viewer: /var/log/smbaudit.log
But it is supposed to parse the logs on a daily basis (nightly?).
The manual says the parsing can be forced from web-ui, but if it’s the reload link (unsure) it does not work for me.
After two days from installation of the NS 7RC1 as DC/AD/File server, in this morning I see this in Samba Audit window!
The update was at 03:49 AM, as @fasttech said. Nothing if I press “Reload”.
I still think that is not how supposed to work the Samba Audit module.
As system administrator, I should see everything in real time.
IMO, after I have pressed “Reload”, I should see also the latest actions about file sharing access, not only a refresh after a search action in this window.
PS:
Stupid question: if I change in /etc/logrotate.d/smbaudit “daily” with “minute”, the update will be after every minute?
Can be used this?
“-f, --force
Tells logrotate to force the rotation, even if it doesn’t think this is necessary. Sometimes this is useful after adding new entries to a logrotate config file, or if old log files have been removed by hand, as the new files will be created, and logging will continue correctly.”
OT:
This module, as principle of operation, cannot be adapted and used for searching in other log files (email log, …)? Except, of course, “the update”. Should be in real time. Something like a trigger: when is something new in /var/log/…
Samba audit was an old dead project ( https://sourceforge.net/projects/smbdaudit/) based on Samba 3.2 if I remember correctly.
The original software was a VFS samba module, the module was writing a new query directly into MySQL for each operation of files.
The log was written in real time but as soon as as a couple of clients where connected, the whole Samba was slowed down waiting for I/O on MySQL db.
For a while I maintained a fork (slow as hell) for new releases of Samba, but it was too much work.
The new solution is based on full_audit VFS module which writes to a log file.
Each night, the logrotate parses the logs and copy it to a MySQL table.
In short:
logs are not in real time
the “Reload” button must work
In NS 6 the web interface is using perlsuid which isn’t available on NS 7.
I think there is a bug in file mode, can someone please try this fix? (not tested):