Topic: Samba logs

tamuin

Samba logs
« on: February 07, 2020, 03:36:54 am »
I believe I have a problem with samba (which I will put in another post).  I have been trying to take a look at the logs to figure out what is going on and it appears that the webui for logs in Zentyal is not working correctly (perhaps just on my machine).

If I go to the logs screen in the webui and take a look at the samba log for "any event" the last activity I see is this:
Code:
2020-02-06 15:53:11   10.10.10.233   LTRW\smulligan  Read file .

But if I take a look at syslog, this is what I see:
Code:
grep smulligan /var/log/syslog | tail
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|disconnect|ok|Archive
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|chdir|ok|chdir|/home/samba/shares/Shared
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|stat|ok|.
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|file_id_create|ok|31:3161c:0
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|stat|ok|/home/samba/shares/Shared
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|chdir|ok|chdir|/
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|stat|ok|.
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|file_id_create|ok|fd00:2:0
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|stat|ok|/
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|disconnect|ok|Shared

As you can see there is a multi-hour gap.  During this gap there was quite a bit of samba activity but it is not showing up in the webui logs screen.  Any idea why?

Restarting logs through the dashboard widget kinda helps, now there is a new log entry:
Code:
2020-02-06 21:28:08   10.10.10.205   LTRW\ap   Read file   20191216_135831.jpg

But there still is a multi-hour gap.  Any idea of what is going on?  I have assumed that the logs screen is searching the syslog but perhaps it does something else.  I could not find anything in the Zentyal documentation that provides any insight on how Zentyal stores its logs.
« Last Edit: February 07, 2020, 04:33:08 am by tamuin »

tamuin

Re: Samba logs
« Reply #1 on: February 14, 2020, 03:48:50 am »
I apologize for replying to my own post, but I have some additional information.  I am seeing the following in syslog:
Code:
Feb 13 00:07:55 stthomas systemd[1]: zentyal.loggerd.service: Main process exited, code=exited, status=9/n/a
Feb 13 00:07:55 stthomas systemd[1]: zentyal.loggerd.service: Failed with result 'exit-code'.
Feb 13 00:07:55 stthomas systemd[1]: zentyal.loggerd.service: Service hold-off time over, scheduling restart.
Feb 13 00:07:55 stthomas systemd[1]: zentyal.loggerd.service: Scheduled restart job, restart counter is at 2.
Feb 13 19:50:39 stthomas systemd[1]: zentyal.loggerd.service: Main process exited, code=exited, status=9/n/a
Feb 13 19:50:39 stthomas systemd[1]: zentyal.loggerd.service: Failed with result 'exit-code'.
Feb 13 19:50:39 stthomas systemd[1]: zentyal.loggerd.service: Service hold-off time over, scheduling restart.
Feb 13 19:50:39 stthomas systemd[1]: zentyal.loggerd.service: Scheduled restart job, restart counter is at 1.

Is there a conf file for 'loggerd'?  Is anyone else having this issue?

doncamilo

Re: Samba logs
« Reply #2 on: February 14, 2020, 04:14:14 pm »
 :)

In relation to your first post, the time gap could be produced by the way the Logs module stores the timestamp in MySQL (unix epoch). Could it be that the Zentyal Logs module isn't applying the timezone correctly? It's the only explanation I can imagine right now.

In your case, I would study the system clock (use 'timedatectl').

In relation to the loggerd service, there are some threads about this kind of error here in the forum, but, right now, I haven't seen any of these issues on my machines.

I would try cross-checking the errors in zentyal.log against those in syslog.

Cheers!
"That place... is strong with the
dark side of the Force.  A domain
of evil it is.  In you must go."

Yoda.
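
The cross-check discussed in this thread, as an added example that is not part of the posts or of Zentyal's own code: it parses smbd_audit lines from syslog in the pipe-separated layout shown in the first post, lists the events newer than the last entry the web UI displays, and collects the times systemd reported zentyal.loggerd exiting. The sample lines (host, user and address) are constructed, and the year is passed in as an assumption because these syslog timestamps carry none.

```python
import re
from collections import Counter
from datetime import datetime

# "Feb  6 19:19:05 host tag[pid]: message"; classic syslog stamps carry no year.
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([^:\[]+)(?:\[\d+\])?: (.*)$")

def parse(line, year):
    """Return (timestamp, tag, message) for one syslog line, or None."""
    m = LINE.match(line)
    if not m:
        return None
    when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return when, m.group(2), m.group(3)

def audit_after(lines, cutoff, year):
    """smbd_audit records newer than cutoff (the last entry the web UI shows)."""
    records = []
    for when, tag, msg in filter(None, (parse(l, year) for l in lines)):
        fields = msg.split("|", 4)  # user|ip|operation|result|args (args may hold "|")
        if tag == "smbd_audit" and when > cutoff and len(fields) >= 4:
            records.append({"when": when, "user": fields[0], "ip": fields[1],
                            "op": fields[2], "result": fields[3],
                            "args": fields[4] if len(fields) > 4 else ""})
    return records

def loggerd_exits(lines, year):
    """Times at which systemd reported the zentyal.loggerd main process exiting."""
    needle = "zentyal.loggerd.service: Main process exited"
    return [when for when, tag, msg in filter(None, (parse(l, year) for l in lines))
            if tag == "systemd" and needle in msg]

# Constructed sample lines (host, user and address are placeholders).
SAMPLE = [
    r"Feb  6 15:53:11 fileserver smbd_audit: EXAMPLE\alice|192.0.2.10|stat|ok|.",
    r"Feb  6 17:02:40 fileserver systemd[1]: zentyal.loggerd.service: Main process exited, code=exited, status=9/n/a",
    r"Feb  6 19:19:05 fileserver smbd_audit: EXAMPLE\alice|192.0.2.10|chdir|ok|chdir|/home/samba/shares/Shared",
    r"Feb  6 19:19:05 fileserver smbd_audit: EXAMPLE\alice|192.0.2.10|stat|ok|.",
    r"Feb  6 19:19:05 fileserver smbd_audit: EXAMPLE\alice|192.0.2.10|disconnect|ok|Shared",
]

if __name__ == "__main__":
    cutoff = datetime(2020, 2, 6, 15, 53, 11)  # last web UI entry, in syslog local time
    missing = audit_after(SAMPLE, cutoff, 2020)
    print(len(missing), "audit events in syslog after", cutoff)
    print(Counter(r["op"] for r in missing))
    print("loggerd exits:", loggerd_exits(SAMPLE, 2020))
```

Convert the web UI timestamp to the server's local time before using it as the cutoff, since timezone handling is one of the explanations raised in the replies.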