To monitor file changes made by the users on an SMB share it is necessary to install two separate Small Updates (SUs) on your Open-E JovianDSS. They are available for download
under the links below:
90851-JDSS-smb1off_up29r3 - SMB ver. 1 has major vulnerabilitites that would be very problematic for SMB auditing. To allow proper auditing, it is necessary to turn it off using this SU.
To install them, enter the Open-E JovianDSS GUI, go to the "System Settings" and enter the "Update" tab.
When you are there, follow the steps below according to the type of your infrastructure:
Single node
Upload the 90851-JDSS-smb1off_up29r3 SU by clicking the "Upload button" and choosing a proper file.
Click "Install and reboot later" option
Upload the 90852-JDSS-smb-audit_up29r3 SU by clicking the "Upload button" and choosing a proper file.
Click "install and reboot now" option
Cluster
Move all Pools to the first node (active)
Upload the 90851-JDSS-smb1off_up29r3 SU on a passive node (the one without Pools) by clicking the "Upload button" and choosing a proper file.
Click "Install and reboot later" option
Upload the 90852-JDSS-smb-audit_up29r3 SU (the one without Pools) by clicking the "Upload button" and choosing a proper file.
Click "install and reboot now" option
After a reboot is done, move all Pools to the second node
Repeat the SU upload procedure described in steps 2-5 on the first node (now without Pools)
Enabling SMB file monitoring
When SU installation process is finished go to "Storage", expand the Pool you would like to monitor and enter the "Shares" tab. Create a new share called "smb_log" on a new dataset:
Resetting the SMB protocol
To enable the SMB monitoring it is necessary to reset the SMB protocol in Open-E JovianDSS. Enter the "Storage Settings", disable the SMB service and Click "Apply".
After the process finishes enable it and click "Apply" again.
Log file preview
After all the steps are finished, all changes done on SMB shares are saved in a log file saved automatically on smb_log share. To access it, connect to the share through SMB and browse through log files saved there.
A sample output is presented below:
Dec 30 13:05:10 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|pwrite|ok|/Pools/Pool-0/data/Open-E-JovianDSS-Advanced-Metro-High-Avability-Cluster.pdf
Dec 30 13:05:15 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|pwrite|ok|/Pools/Pool-0/data/Open-E-JovianDSS-Advanced-Metro-High-Avability-Cluster.pdf
Dec 30 13:05:15 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|unlink|ok|/Pools/Pool-0/data/Open-E-JovianDSS-Advanced-Metro-High-Avability-Cluster.pdf
Dec 30 13:05:36 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|rename|ok|/Pools/Pool-0/data/New Text Document.txt|/Pools/Pool-0/data/open_e_test_file.txt
Dec 30 13:05:44 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|pwrite|ok|/Pools/Pool-0/data/open_e_test_file.txt
Dec 30 13:05:54 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|pwrite|ok|/Pools/Pool-0/data/~ew shortcut.tmp
Dec 30 13:05:56 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|rename|ok|/Pools/Pool-0/data/New shortcut.lnk|/Pools/Pool-0/data/New shortcut.lnk~RF4e1abbac.TMP
Dec 30 13:05:56 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|rename|ok|/Pools/Pool-0/data/~ew shortcut.tmp|/Pools/Pool-0/data/New shortcut.lnk
Dec 30 13:05:56 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|unlink|ok|/Pools/Pool-0/data/New shortcut.lnk~RF4e1abbac.TMP
Dec 30 13:06:00 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|unlink|ok|/Pools/Pool-0/data/New shortcut.lnk
Dec 30 13:06:02 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|mkdir|ok|New folder
Dec 30 13:06:09 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|rename|ok|/Pools/Pool-0/data/New folder|/Pools/Pool-0/data/Open-E JovianDSS