Zentyal Forum, Linux Small Business Server

Zentyal Server => Directory and Authentication => Topic started by: tamuin on February 07, 2020, 03:36:54 am

Title: Samba logs
Post by: tamuin on February 07, 2020, 03:36:54 am
I believe I have a problem with samba (which I will put in another post).  I have been trying to take a look at the logs to figure out what is going on and it appears that the webui for logs in Zentyal is not working correctly (perhaps just on my machine).

If I go to the logs screen in the webui and take a look at the samba log for "any event" the last activity I see is this:
Code: [Select]
2020-02-06 15:53:11   10.10.10.233   LTRW\smulligan  Read file .

But if I take a look at syslog, this is what I see:
Code: [Select]
grep smulligan /var/log/syslog | tail
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|disconnect|ok|Archive
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|chdir|ok|chdir|/home/samba/shares/Shared
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|stat|ok|.
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|file_id_create|ok|31:3161c:0
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|stat|ok|/home/samba/shares/Shared
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|chdir|ok|chdir|/
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|stat|ok|.
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|file_id_create|ok|fd00:2:0
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|stat|ok|/
Feb  6 19:19:05 stthomas smbd_audit: LTRW\smulligan|10.10.10.233|disconnect|ok|Shared

As you can see there is a multi-hour gap.  During this gap there was quite a bit of samba activity but it is not showing up in the webui logs screen.  Any idea why?

Restarting logs through the dashboard widget kinda helps, now there is a new log entry:
Code: [Select]
2020-02-06 21:28:08   10.10.10.205   LTRW\ap   Read file   20191216_135831.jpg
But there still is a multi-hour gap.  Any idea of what is going on?  I have assumed that the logs screen is searching the syslog but perhaps it does something else, I could not find anything in the Zentyal documentation that provides any insite on how Zentyal stores its logs.
Title: Re: Samba logs
Post by: tamuin on February 14, 2020, 03:48:50 am
I apologize for replying to my own post, but I have some additional information.  I am seeing the following in syslog:
Code: [Select]
Feb 13 00:07:55 stthomas systemd[1]: zentyal.loggerd.service: Main process exited, code=exited, status=9/n/a
Feb 13 00:07:55 stthomas systemd[1]: zentyal.loggerd.service: Failed with result 'exit-code'.
Feb 13 00:07:55 stthomas systemd[1]: zentyal.loggerd.service: Service hold-off time over, scheduling restart.
Feb 13 00:07:55 stthomas systemd[1]: zentyal.loggerd.service: Scheduled restart job, restart counter is at 2.
Feb 13 19:50:39 stthomas systemd[1]: zentyal.loggerd.service: Main process exited, code=exited, status=9/n/a
Feb 13 19:50:39 stthomas systemd[1]: zentyal.loggerd.service: Failed with result 'exit-code'.
Feb 13 19:50:39 stthomas systemd[1]: zentyal.loggerd.service: Service hold-off time over, scheduling restart.
Feb 13 19:50:39 stthomas systemd[1]: zentyal.loggerd.service: Scheduled restart job, restart counter is at 1.
Is there a conf file for 'loggerd'?  is anyone else having this issue?
Title: Re: Samba logs
Post by: doncamilo on February 14, 2020, 04:14:14 pm
 :)

In relation to your first post, the time gap could be produced due to the way the Logs module stores the timestamp in MySQL (unix epoch) could be the Zentyal Logs module isn't applying correctly the timezone? It's the only explanation I can imagine right now.

In your case, I would study the system clock (use 'timedatectl').

In relation to the loggerd service, there are some threads of this kind of errors here in the forum, but, right now, I haven't seen any of these issues in my machines.

I would try crossing the errors of  the zentyal.log with these of syslog.

Cheers!
Title: Re: Samba logs
Post by: cleitonme on December 01, 2020, 07:54:02 pm
Samba logs here don't look right either. I can't figure out why