Reports -> Samba audit: no records

There’s a script /etc/logrotate.d/smbaudit where the command is executed

/var/log/smbaudit.log {
    rotate 5
    daily
    notifempty
    copytruncate
    create 640 root root
    prerotate
        /usr/bin/smbauditdbupdate.pl
    endscript
}

So it’s possible that the database is updated overnight

1 Like

Already tried!
About two days!

The last installation of NS was yesterday.
Nothing over the night

Ps
I will check over two hours.
I’m on the road to home now.

Anyway, this must be “live”.

Usually, nightly update is about 3 am on my rc1, but manual reload is always a fail.

OK!
I’m home now, in front of my laptop.

As I said, on NS 7b2 everything worked fine (even shared folder access, R&W, as guest; but this will be another topic).

On NS 7b2, from the GUI, if I press “Reload” I can see the last records about the shared folder access. In NS 7RC1, nothing happens.

Samba audit must be in real time, not overnight.

Here are the two scripts for logrotate: one is from the test machine with NS 7b2 and one is from the new NS 7RC1. They are the same.

WOW!

Two days after the installation of NS 7RC1 as DC/AD/File server, this morning I see this in the Samba Audit window!
The update was at 03:49 AM, as @fasttech said. Nothing if I press “Reload”.

I still think that is not how the Samba Audit module is supposed to work.
As system administrator, I should see everything in real time.
IMO, after I have pressed “Reload”, I should also see the latest actions about file sharing access, not only a refresh after a search action in this window.

PS:

Stupid question: if I change “daily” to “minute” in /etc/logrotate.d/smbaudit, will the update be after every minute?

EDIT:
No, according to this:
https://linuxconfig.org/logrotate-8-manual-page
only daily, weekly, monthly, yearly.

Can this be used?
“-f, --force
Tells logrotate to force the rotation, even if it doesn’t think this is necessary. Sometimes this is useful after adding new entries to a logrotate config file, or if old log files have been removed by hand, as the new files will be created, and logging will continue correctly.”

OT:

This module, as a principle of operation, can’t it be adapted and used for searching in other log files (email log, …)? Except, of course, “the update”. Should be in real time. Something like a trigger: when there is something new in /var/log/…

Samba audit was an old dead project (https://sourceforge.net/projects/smbdaudit/) based on Samba 3.2 if I remember correctly.
The original software was a VFS samba module; the module was writing a new query directly into MySQL for each operation on files.
The log was written in real time, but as soon as a couple of clients were connected, the whole Samba was slowed down waiting for I/O on the MySQL db.

For a while I maintained a fork (slow as hell) for new releases of Samba, but it was too much work.
The new solution is based on full_audit VFS module which writes to a log file.
Each night, logrotate parses the logs and copies them to a MySQL table.

In short:

  • logs are not in real time
  • the “Reload” button must work

In NS 6 the web interface is using perlsuid which isn’t available on NS 7.
I think there is a bug in file mode, can someone please try this fix? (not tested):

chmod 0755 /usr/bin/smbauditrotate.pl
chmod 0440 /etc/sudoers.d/samba-audit
3 Likes
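A check related to the file-mode fix proposed in the post above, as an added example that is not part of the original thread or of NethServer's code: it lists sudoers drop-ins whose mode differs from the 0440 that the post sets, whose owner is not root, or whose name sudo's `#includedir` skips. The function name `check_sudoers_dropins` and its optional owner argument are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# check_sudoers_dropins DIR [OWNER_UID]
# Added example (hypothetical helper, not from the thread).
# Prints one line per problem found and returns 1 if any drop-in fails,
# 0 if every file has mode 0440 and the expected owner (default uid 0).
check_sudoers_dropins() {
    dir=$1
    want_uid=${2:-0}
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue          # also handles an empty directory
        name=${f##*/}
        # sudo's #includedir skips names ending in '~' or containing '.'
        case $name in
            *~|*.*)
                echo "SKIPPED-BY-SUDO $f"
                bad=1
                continue
                ;;
        esac
        mode=$(stat -c '%a' "$f")        # GNU stat: octal permission bits
        uid=$(stat -c '%u' "$f")         # GNU stat: numeric owner
        if [ "$mode" != "440" ]; then
            echo "BAD-MODE $mode $f"
            bad=1
        fi
        if [ "$uid" != "$want_uid" ]; then
            echo "BAD-OWNER $uid $f"
            bad=1
        fi
    done
    return $bad
}

# Usage on a real system (as root): check_sudoers_dropins /etc/sudoers.d
```

`visudo -c` complements this by checking the syntax of the same files.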

Thanks for such detailed insights :+1:

1 Like

Sorry, but I have no time to dig into it right now.

What we basically need to do is execute this script /usr/bin/smbauditdbupdate.pl using sudo via logrotate.

Maybe the behavior of logrotate changed a bit?

After the chmod (no problem if the first one failed), try to hit the “Reload” button :wink:

I did it! Nothing changed!
Maybe sometime …

Anyway, thank you!

1 Like

In /usr/bin/, there is only “smbauditdbupdate.pl”

The Reload link is using that option and logrotate is called through php system(sudo …)

The smbauditrotate.pl appears in the .spec file but is no longer present in NS7. I could be wrong but think it’s no longer needed.

Maybe it is just some sudoers/permissions issue.

I’m moving this to the bug section.

3 Likes
1 Like

IT WORKS!

Thank you @giacomo!

YOU ARE THE MAN! :clap::clap::clap:

This is for speed: :trophy:

PS:
No “Edit” option!
Thank you @dnutan!

2 Likes

Interesting. Frankly… the samba audit gui is less useful to my eyes than just doing a control f with the browser in the log gui against smbaudit.log, but we don’t get smbaudit.log without installing samba-audit… idk.

If you need only a text log, you could use the full_audit module of Samba.
Just create a template custom like the one from samba-audit:

1 Like