Open-E Knowledgebase
Knowledgebase
Downloads
Tags
Ask a Question
Open-E Website
Open-E Instagram Profile!
Follow us!
Like us!
Open-E / KB Home / JovianDSS / JovianDSS Information / SMB audit / [JDSS] Monitoring file changes on an SMB share / Email to friend
Email to friend
Multiple emails allowed. Separate with commas



[JDSS] Monitoring file changes on an SMB share

Small update (SU) installation

To monitor file changes made by the users on an SMB share it is necessary to install two separate Small Updates (SUs)  on your Open-E JovianDSS. They are available for download
under the links below:

90851-JDSS-smb1off_up29r3 - SMB ver. 1 has major vulnerabilitites that would be very problematic for SMB auditing. To allow proper auditing, it is necessary to turn it off using this SU.

90852-JDSS-smb-audit_up29r3 - This SU installs the auditing tool.

To install them, enter the Open-E JovianDSS GUI, go to the "System Settings" and enter the "Update" tab.

When you are there, follow the steps below according to the type of your infrastructure:

Single node

  1. Upload the 90851-JDSS-smb1off_up29r3 SU by clicking the "Upload button" and choosing a proper file.
  2. Click "Install and reboot later" option
  3. Upload the 90852-JDSS-smb-audit_up29r3 SU by clicking the "Upload button" and choosing a proper file.
  4. Click "install and reboot now" option

Cluster

  1. Move all Pools to the first node (active)
  2. Upload the 90851-JDSS-smb1off_up29r3 SU on a passive node (the one without Pools) by clicking the "Upload button" and choosing a proper file.
  3. Click "Install and reboot later" option
  4. Upload the 90852-JDSS-smb-audit_up29r3 SU (the one without Pools) by clicking the "Upload button" and choosing a proper file.
  5. Click "install and reboot now" option
  6. After a reboot is done, move all Pools to the second node
  7. Repeat the SU upload procedure described in steps 2-5 on the first node (now without Pools)

Enabling SMB file monitoring

When SU installation process is finished go to "Storage", expand the Pool you would like to monitor and enter the "Shares" tab. Create a new share called "smb_log" on a new dataset:

Resetting the SMB protocol

To enable the SMB monitoring it is necessary to reset the SMB protocol in Open-E JovianDSS. Enter the "Storage Settings", disable the SMB service and Click "Apply".

After the process finishes enable it and click "Apply" again.

Log file preview

After all the steps are finished, all changes done on SMB shares are saved in a log file saved automatically on smb_log share. To access it, connect to the share through SMB and browse through log files saved there.

A sample output is presented below:

Dec 30 13:05:10 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|pwrite|ok|/Pools/Pool-0/data/Open-E-JovianDSS-Advanced-Metro-High-Avability-Cluster.pdf
Dec 30 13:05:15 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|pwrite|ok|/Pools/Pool-0/data/Open-E-JovianDSS-Advanced-Metro-High-Avability-Cluster.pdf
Dec 30 13:05:15 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|unlink|ok|/Pools/Pool-0/data/Open-E-JovianDSS-Advanced-Metro-High-Avability-Cluster.pdf
Dec 30 13:05:36 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|rename|ok|/Pools/Pool-0/data/New Text Document.txt|/Pools/Pool-0/data/open_e_test_file.txt
Dec 30 13:05:44 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|pwrite|ok|/Pools/Pool-0/data/open_e_test_file.txt
Dec 30 13:05:54 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|pwrite|ok|/Pools/Pool-0/data/~ew shortcut.tmp
Dec 30 13:05:56 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|rename|ok|/Pools/Pool-0/data/New shortcut.lnk|/Pools/Pool-0/data/New shortcut.lnk~RF4e1abbac.TMP
Dec 30 13:05:56 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|rename|ok|/Pools/Pool-0/data/~ew shortcut.tmp|/Pools/Pool-0/data/New shortcut.lnk
Dec 30 13:05:56 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|unlink|ok|/Pools/Pool-0/data/New shortcut.lnk~RF4e1abbac.TMP
Dec 30 13:06:00 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|unlink|ok|/Pools/Pool-0/data/New shortcut.lnk
Dec 30 13:06:02 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|mkdir|ok|New folder
Dec 30 13:06:09 node-39d18ffc smbd_audit: Open-E_user|192.168.251.81|laptop-u309iudc|data1|rename|ok|/Pools/Pool-0/data/New folder|/Pools/Pool-0/data/Open-E JovianDSS
RSS
The Knowledge base is managed by Open-E data storage software company.