Two days after installing NS 7RC1 as DC/AD/file server, this morning I see this in the Samba Audit window!
The update was at 03:49 AM, as @fasttech said. Nothing happens if I press "Reload".
I still think that is not how the Samba Audit module is supposed to work.
As system administrator, I should see everything in real time.
IMO, after I have pressed "Reload", I should also see the latest actions about file sharing access, not only a refresh after a search action in this window.
PS:
Stupid question: if I change "daily" to "minute" in /etc/logrotate.d/smbaudit, will the update be after every minute?
Can this be used?
"-f, --force
Tells logrotate to force the rotation, even if it doesn't think this is necessary. Sometimes this is useful after adding new entries to a logrotate config file, or if old log files have been removed by hand, as the new files will be created, and logging will continue correctly."
OT:
Can't this module, as a principle of operation, be adapted and used for searching in other log files (email log, …)? Except, of course, "the update". It should be in real time. Something like a trigger: when there is something new in /var/log/…
Samba audit was an old dead project (https://sourceforge.net/projects/smbdaudit/) based on Samba 3.2, if I remember correctly.
The original software was a Samba VFS module; the module wrote a new query directly into MySQL for each file operation.
The log was written in real time, but as soon as a couple of clients were connected, the whole of Samba was slowed down waiting for I/O on the MySQL db.
For a while I maintained a fork (slow as hell) for new releases of Samba, but it was too much work.
The new solution is based on full_audit VFS module which writes to a log file.
Each night, logrotate parses the logs and copies them to a MySQL table.
In short:
logs are not in real time
the "Reload" button must work
In NS 6 the web interface is using perlsuid, which isn't available on NS 7.
I think there is a bug in file mode, can someone please try this fix? (not tested):
Interesting. Frankly… the samba audit GUI is less useful to my eyes than just doing a control-f with the browser in the log GUI against smbaudit.log, but we don't get smbaudit.log without installing samba-audit… idk.
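
Added example, not part of any post in this thread and not NethServer's own code: since the thread explains that the full_audit VFS module writes file operations to a log file that is only imported into MySQL at night, this sketch parses such log lines directly so that recent events can be filtered by user, operation or failure without waiting for the import. The prefix setting `%u|%I|%S`, the syslog header layout and the sample lines are assumptions; adjust them to the server's actual smb.conf and log format.

```python
import re
from collections import namedtuple

# Assumed smb.conf setting: full_audit:prefix = %u|%I|%S (user|client IP|share).
# The real prefix on a given server may differ; adjust PREFIX_FIELDS to match.
PREFIX_FIELDS = ("user", "client", "share")

Event = namedtuple("Event", "timestamp user client share op result args")

# Assumed layout: syslog header, the "smbd_audit:" tag, then the pipe-separated record.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssmbd_audit(?:\[\d+\])?:\s(?P<rec>.*)$")

def parse_line(line):
    """Return an Event, or None for lines that are not full_audit records."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    parts = m.group("rec").split("|")
    n = len(PREFIX_FIELDS)
    if len(parts) < n + 2:  # need prefix + operation + result
        return None
    # The remaining fields depend on the operation (open mode and path, old and
    # new name for rename). A path containing "|" is left split, not guessed.
    return Event(m.group("ts"), *parts[:n], parts[n], parts[n + 1],
                 tuple(parts[n + 2:]))

def search(lines, user=None, op=None, failed_only=False):
    """Filter parsed events, like searching the raw log by hand but per field."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if user and ev.user != user:
            continue
        if op and ev.op != op:
            continue
        if failed_only and ev.result == "ok":
            continue
        hits.append(ev)
    return hits

# Constructed sample lines (not taken from a real server).
SAMPLE = [
    "Mar  3 10:15:02 ns7 smbd_audit: alice|192.168.1.20|docs|open|ok|r|/srv/docs/report.odt",
    "Mar  3 10:15:09 ns7 smbd_audit: bob|192.168.1.31|docs|unlink|fail (Permission denied)|/srv/docs/report.odt",
    "Mar  3 10:16:40 ns7 smbd_audit: alice|192.168.1.20|docs|rename|ok|/srv/docs/a.txt|/srv/docs/b.txt",
    "Mar  3 10:17:00 ns7 smbd[1234]: unrelated daemon message",
]
```

Feeding it the lines of the live log file (for example via `open(path)`) gives the same filtering on current data; the log path is site-specific.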