jgiles Posted September 23, 2015 Share Posted September 23, 2015 Hi List, So, we had someone delete some files from out server a few days ago. We were able to restore from backup, but wanted to know who the person was. I run a standalone samba setup using CentOS and have the ability to fully audit who does what and the information goes into the logs and ultimately into the logwatch report every night. Im not looking from such administrative granularity with unRaid, but is there a way to see who deleted these files? I looked in the log files that were present and there was little information in them. Is there a way to turn on auditing from the gui/web page, or should we modify the config files if needed? Thnaks! Quote Link to comment
RobJ Posted September 25, 2015 Share Posted September 25, 2015 I'm sorry, but there is no capability like that included with v5 or v6 of unRAID. However, using a smb-extra.conf file (in the /config folder of the boot flash), you should be able to configure it any way you like. You sound like you know much more about that than I do. Also, a 'recycle bin' feature can be set up the same way, manually in v5, a configurable plugin in v6. It won't tell you whodunnit though. Quote Link to comment
jgiles Posted September 25, 2015 Author Share Posted September 25, 2015 HI Rob, Thanks for the reply , Ok, I didnt know about the smb-extra.conf file. I'll look into that. I looked at my server and I just have log level 2 and it gives me who accessed the files and such, but you can also do: full_audit:success = connect unlink rmdir opendir disconnect full_audit:failure = connect unlink rmdir opendir disconnect unlink = delete on each share and that will tell you who did what and when . I will look into that. Thanks! Joe Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.