Leaderboard

Hello Unraid Community! It has come to our attention that in recent days, we've seen a significant uptick in the amount of Unraid server's being compromised due to poor security practices. The purpose of this post is to help our community verify their server's are secure and provide helpful best-practices recommendations to ensuring your system doesn't become another statistic. Please review the below recommendations on your server(s) to ensure they are safe. Set a strong root password Similar to many routers, Unraid systems do not have a password set by default. This is to ensure you can quickly and easily access the management console immediately after initial installation. However, this doesn't mean you shouldn't set one. Doing this is simple. Just navigate to the Users tab and click on root. Now set a password. From then on, you will be required to authenticate anytime you attempt to login to the webGui. In addition, there is a plugin available in Community Apps called Dynamix Password Validator. This plugin will provide guidance on how strong of a password you're creating based on complexity rules (how many capital vs. lowercase letters, numbers, symbols, and overall password length are used to judge this). Consider installing this for extra guidance on password strength. Review port mappings on your router Forwarding ports to your server is required for specific services that you want to be Internet-accessible such as Plex, FTP servers, game servers, VoIP servers, etc. But forwarding the wrong ports can expose your server to significant security risk. Here are just a few ports you should be extra careful with when forwarding: Port 80: Used to access the webGui without SSL (unless you've rebound access to another port on the Management Access settings page). DO NOT forward port 80. Forwarding this port by default will allow you to access the webGui remotely, but without SSL securing the connection, devices in between your browser and the server could "sniff" the packets to see what you're doing. If you want to make the webGui remotely accessible, install the Unraid.net plugin to enable My Servers on your system, which can provide a secure remote access solution that utilizes SSL to ensure your connection is fully encrypted. Port 443: Used to access the webGui with SSL. This is only better than port 80 if you have a root password set. If no root password is set and you forward this port, unauthorized users can connect to your webGui and have full access to your server. In addition, if you forward this port without using the Unraid.net plugin and My Servers, attempts to connect to the webGui through a browser will present a security warning due to the lack of an SSL certificate. Consider making life easier for yourself and utilize Unraid.net with My Servers to enable simple, safe, and secure remote access to your Unraid systems. NOTE: When setting up Remote Access in My Servers, we highly recommend you choose a random port over 1000 rather than using the default of 443. Port 445: Used for SMB (shares). If you forward this port to your server, any public shares can be connected to by any user over the internet. Generally speaking, it is never advisable to expose SMB shares directly over the internet. If you need the ability to access your shares remotely, we suggest utilizing a Wireguard VPN to create a secure tunnel between your device and the server. In addition, if the flash device itself is exported using SMB and this port is forwarded, its contents can easily be deleted and your paid key could easily be stolen. Just don't do this. Port 111/2049: Used for NFS (shares). While NFS is disabled by default, if you are making use of this protocol, just make sure you aren't forwarding these ports through your router. Similar to SMB, just utilize Wireguard to create a secure tunnel from any remote devices that need to connect to the server over NFS. Port 22/23: Used by Telnet and SSH for console access. Especially dangerous for users that don't have a root password set. Similar to SMB, we don't recommend forwarding these ports at all, but rather, suggest users leverage a Wireguard VPN connection for the purposes of connecting using either of these protocols. Ports in the 57xx range: These ports are generally used by VMs for VNC access. While you can forward these ports to enable VNC access remotely for your VMs, the better and easier way to do this is through installing the Unraid.net plugin and enabling My Servers. This ensures that those connections are secure via SSL and does not require individual ports to be forwarded for each VM. Generally speaking, you really shouldn't need to forward many ports to your server. If you see a forwarding rule you don't understand, consider removing it, see if anyone complains, and if so, you can always put it back. Never ever ever put your server in the DMZ No matter how locked down you think you have your server, it is never advisable to place it in the DMZ on your network. By doing so, you are essentially forwarding every port on your public IP address to your server directly, allowing all locally accessible services to be remotely accessible as well. Regardless of how "locked down" you think you actually have the server, placing it in the DMZ exposes it to unnecessary risks. Never ever do this. Consider setting shares to private with users and passwords The convenience of password-less share access is pretty great. We know that and its why we don't require you to set passwords for your shares. However, there is a security risk posed to your data when you do this, even if you don't forward any ports to your server and have a strong root password. If another device on your network such as a PC, Mac, phone, tablet, IoT device, etc. were to have its security breached, it could be used to make a local connection to your server's shares. By default, shares are set to be publicly readable/writeable, which means those rogue devices can be used to steal, delete, or encrypt the data within them. In addition, malicious users could also use this method to put data on your server that you don't want. It is for these reasons that if you are going to create public shares, we highly recommend setting access to read-only. Only authorized users with a strong password should be able to write data to your shares. Don't expose the Flash share, and if you do, make it private The flash device itself can be exposed over SMB. This is convenient if you need to make advanced changes to your system such as modifying the go file in the config directory. However, the flash device itself contains the files needed to boot Unraid as well as your configuration data (disk assignments, shares, etc). Exposing this share publicly can be extremely dangerous, so we advise against doing so unless you absolutely have to, and when you do, it is advised to do so privately, requiring a username and password to see and modify the contents. Keep your server up-to-date Regardless of what other measures you take, keeping your server current with the latest release(s) is vital to ensuring security. There are constant security notices (CVEs) published for the various components used in Unraid OS. We here at Lime Technology do our best to ensure all vulnerabilities are addressed in a timely manner with software updates. However, these updates are useless to you if you don't apply them in a timely manner as well. Keeping your OS up-to-date is easy. Just navigate to Tools > Update OS to check for and apply any updates. You can configure notifications to prompt you when a new update is available from the Settings > Notifications page. More Best Practices Recommendations Set up and use WireGuard, OpenVPN or nginxProxyManager for secure remote access to your Shares. For WireGuard set up, see this handy getting started guide. Set up 2FA on your Unraid Forum Account. Set up a Remote Syslog Server. Install the Fix Common Problems plugin. Installing this plugin will alert you to multiple failed login attempts and much, much more. Change your modem password to something other than the default. Consider installing ClamAV. In addition to all of the above recommendations, we've asked SpaceInvaderOne to work up a video with even more detailed best-practices related to Unraid security. We'll post a link as soon as the video is up to check out what other things you can do to improve your system security. It is of vital importance that all users review these recommendations on their systems as soon as possible to ensure that you are doing all that is necessary to protect your data. We at Lime Technology are committed to keeping Unraid a safe and secure platform for all of your personal digital content, but we can only go so far in this effort. It is ultimately up to you the user to ensure your network and the devices on it are adhering to security best-practices.

A few suggestions if I may, from my experiences in the Cloud Infrastructure World; First, Reviewing Docker Folder Mappings (and to some extent VM Shares). Do all you Docker Containers need read and write access to non appdata folders? If it does, is the scope of the directories restricted to what is needed, or have you given it full read/write to /mnt/user or /mnt/user0 ? For example I need Sonnarr and Radarr to have write access to my TV and Movie Share, so they are restricted to just that, they don't need access to my Personal Photos, or Documents etc. Whereas for Plex, since I don't use the Media Deletion Feature, I dont need Plex, to do anything to those Folders, just read the content. So it has Read Only Permissions in the Docker Config. Additionally, I only have a few containers that need read/write access to the whole server (/mnt/user) and so these are configured to do so, but since they are more "Administration" containers, I keep them off until I need them, most start up in less than 30 seconds. That way, if for whatever reason a container was compromised, the risk is reduced in most cases. Shares on my VM's are kept to only the required directories and mounted as Read Only in the VM. For Docker Containers that use VNC or VMs, set a secure password for the VNC component too, to prevent something on the Network from using it without access (great if you don't have VLAN's etc). This may be "overkill" for some users, but have a look at the Nessus or OpenVAS Containers, and run regular Vulnerability Scans against your Devices / Local Network. I use the Nessus one and (IMO) its the easier of the two to setup, the Essentials (Free) version is limited to 15 IPs, so I scan my unRAID Server, VMs, and a couple of other physical devices and it has SMTP configured so once a week sends me an email with a summary of any issues found, they are categorized by importance as well. I don't think many people do this, but don't use the GUI mode of unRAID as a day to day browser, outside of Setup and Troubleshooting (IMO) it should not be used. Firefox, release updates quite frequently and sometimes they are for CVE's that depending on what sites you visit *could* leave you unprotected. On the "Keeping your Server Up-to-Date" part, while updating the unRAID OS is important, don't forget to update your Docker Containers and Plugins, I use the CA Auto Update for them, and set them to update daily, overnight. Some of the Apps, could be patched for Security Issues, and so keeping the up-to-date is quite useful. Also, one that I often find myself forgetting is the NerdPack Components, I have a few bits installed (Python3, iotop, etc), AFAIK these need to be updated manually. Keeping these Up-to-Date as well is important, as these are more likely to have Security Issues that could be exploited, depending on what you run. Also on the Updates, note, if you have VM's and they are running 24/7 keep these up-to-date too and try and get them as Hardened as possible, these can often be used as a way into your server/network. For Linux Debian/Ubuntu Servers, you can look at Unattended Upgrades, similar alternatives are available for other Distros. For Windows you can configure Updates to Install Automatically and Reboot as needed. Hardening the OS as well, is something I would also recommend, for most common Linux Distros and Windows, there are lots of guides useful online, DigitalOcean is a great source for Linux stuff I have found. If something is not available as a Docker Container or Plugin, don't try and run it directly on the unRAID Server OS itself (unless, its for something physical, e.g. Drivers, or Sensors etc), use a VM (with a Hardened Configuration), keeping only the bare minimum running directly on unRAID, helps to reduce your attack surface. Also, while strictly not part of Security, but it goes Hand in Hand, make sure you have a good Backup Strategy and that all your (important/essential) Data is backed up, sometimes stuff happens and no matter how much you try, new exploits come out, or things get missed and the worst can happen. Having a good backup strategy can help you recover from that, the 321 Backup method is the most common one I see used. If something does happen and you need to restore, where possible, before you start the restore, try and identify what happened, once you have identified the issue, if needed you can restore from Backups to a point in time, where there was no (known) issue, and start from there, making sure you fix whatever the issue was first in your restored server. I have seen a few cases (at work) where peoples Servers have been compromised (typically with Ransomware), they restore from backups, but don't fix the issue (typically a Weak Password for an Admin account, and RDP exposed to the Internet) and within a few hours of restoring, they are compromised again. Other ideas about using SSH Keys, Disabling Telnet/FTP etc, are all good ones, and definitely something to do, and something I would love to see done by default in future releases. EDIT: One other thing I forgot to mention was, setup Notifications for your unRAID server, not all of them will be for Security, but some of the apps like the Fix Common Problems, can alert you for security related issues and you can get notified of potential issues quicker than it may take you to find/discover them yourselves.

I can confirm that today everything is connected and working correctly. Thanks Unraid Team for your hard work.

The docker folder plugin would be a good place to look.

@tabris0202 You seem to have narrowed down the problem to DNS, Yes? perhaps try using a public DNS rather than your ISPs? It is unlikely that any query requests coming from outside are "overloading" your router, the traffic generated by those requests fall into the negligible category. You (or your ISP) may have firewall or IDS/IPS that are tripping but we do not have the information to diagnose the case.

Yes. I’m currently working on this.

I think a large factor on how your experiences on VM's are shaped is the usage of the VM's. If you have 24x7 heavy active production VM's running vfx renders, code compiles etc and your btrfs/zfs systems crashes , then you will see more of the "recovery power" of the filesystem and also more easily find its flaws. My issues where repeatable and unfortunately or fortunately happened in a time where i had lots of total systems crashes due to gpu issues. So this tested the skills of boths filesystems to the limits. Under these same cicomstances hosted on the same ssd's on the same OS version , withe everything else the same, btrfs failed more then once, zfs passed all tests. That is just my experience , but of course every system / setup is different and can lead to different results. Even version of btrfs/zfs/unraid etc can have a large efect on the results. In he end we all stick with what we trust

AMD Sensor support released for APU (Temp) and dGPU (Temp/Fan/Power).

This is implemented in Unraid OS 6.9.x which makes /root/.ssh a symlink to flash config/ssh/root directory.

Ohne dir zu nahe treten zu wollen. Aber je mehr Posts ich von dir lese umso mehr denke ich du solltest bei Mac und Synology bleiben. Kopieren geht entweder über die Konsole oder aber per z.B. Docker Container (Krusader z.B.) Und je nachdem wie die HDDs formatiert sind, benötigst du zusätzlich auch noch das Unassigned Devices PLUS Plugin

Firmware und BMC Update kann ich dir bereitstellen wenn du magst.

Do you have a vfio-pci.cfg file in the /config folder on the flash drive? Put your flash drive in a Windows PC and see if you can find that file. If you only have a bind of 08:00.0 in that file, you can just delete vfio-pci.cfg and the (.bak) if it exists. If you have more devices in there that you want bound, just remove the bind of 08:00.0 from the file and save.

Currently it does not support IPv6

Oh, I see... and I agree, handling the entire unraid server as "exposed host" would be most unwise, especially if you are running privileged containers and such (which I am). But no, I have only opened port 443, nothing else. My router has a separate checkbox for allowing pings to a specific machine, which (to my knowledge) doesn't even know ports. So thanks for clearing that up! Back to my original question: Does myservers support the IPv6 protocol (or is planned to)?

Take the glory!! It's awesome work and thank you to @ljm42 for calling it out! I've been using this daily since I stood up my second unRAID server and the craftsmanship is great. I updated and was able to reissue keys for my four devices in less than 10 minutes.

@ljm42 I am out of town for this weekend, so I used wiregaurd to see if it was on or not. It looks like that was the problem. I'm not sure how or why it got turned off. Many thanks for the suggestion. When I get back to the houses I will verify, but it looks like that was it. 2 weeks for something this simple. I'll report back!

As I said, I never had a single problem... And I will stick to BTRFS since I never had a single problem wirth it. No, this is a VM that only builds the containers and uploads them to Dockerhub so I can build very quickly and very much containers at the same time...

**FIXED** I had to log into my Comcast modem/router and forward the ports from there to my Ubiquiti router. From there I forward the ports to my Unraid server, and finally to the docker. I had to log into the Comcast gateway from my phone, and just cut out the LTE fail over, but its working!

Don't know what you mean there but it may be too late if you do the wrong thing without waiting for advice.

Unclear that they understand the issue. We are approving the post in situ with the approve button while viewing the topic, not via the moderator CP. That means we are, indeed, seeing all unread posts in the topic at the same time we are approving the post. As an additional twist, viewing a post but NOT approving it leaves the post as unread, even though it's been viewed in the thread as many times as you click on it. I know this, because I sort posts oldest to newest, and don't approve foreign language posts I don't understand, and the stupid post stays in my unread filter until it's either approved and viewed, or I mark site read after getting through the rest of the backlog while avoiding the posts stuck at the top of my unread filter. Annoying to say the least.

Its not that difficult.. I was just wondering why people prefer this to the von solution…. Also wondering my idea that a vpn is preferable is actually -true- or just me beiing an old guy.. Verzonden vanaf mijn iPhone met Tapatalk

In all my templates (at least in the ones that I don't forget to set it... ) the settings are never automatically changed and everything is up to the user... Eventually because the template had the option to update itself in it to update itself (this is what I try to avoid and my containers or at least templates should not do that).

Nicht möglich. Wenn Nextcloud eine Sicherheitslücke hat und davon würde ich bei jeder Software ausgehen, dann kannst du dich nicht schützen. Da hilft nur Nextcloud ausschließlich über VPN zu nutzen. Was vielleicht ein bisschen schützt wäre eine rein deutsche IP Range zuzulassen. Aber viel wird das auch nicht helfen, wenn es einer auf deine Daten abgesehen hat. Also Backups, Backups und noch mal Backups. Und eben die anderen Klassiker wie sicheres Passwort und Zwei-Faktor-Authentifizierung. EDIT: Ok, die Ideen hattest du auch schon ^^

Hey LNXD, I tried it already, unfortunately it did not run, i get the same error; Project: PhoenixMiner 5.5c Author: lnxd Base: Ubuntu 14.04.02 Target: Unraid 6.9.0 - 6.9.1 Wallet: 3K4kD8QijmqAJHEqijhWe5Nnbu4CvdURJB Pool: asia1.ethermine.org:4444 Starting PhoenixMiner 5.5c with the following arguments: -pool asia1.ethermine.org:4444 -wal 3K4kD8QijmqAJHEqijhWe5Nnbu4CvdURJB.x -tt 75 -tstop 85 -tstart 80 -cdm 1 -cdmport 5450 -amd Phoenix Miner 5.5c Linux/gcc - Release build -------------------------------------------- [0mNo OpenCL platforms found [91mNo avaiable GPUs for mining. Please check your drivers and/or hardware. [0m I could understand when you are a little exhausted, dealing some year old s**t is often complicated. Thank you very much for your efforts, i hope you will find the igniting spark *fingerscrossing*

If reallocated sectors keep increasing you should replace the disk, disks shouldn't corrupt data even when they are failing, but it's been known to happen. Yep. That's another way of confirming the data corruption. You can do a parity swap, use the new disk for parity and old parity for disk2. You can use xfs or btrfs, data will still corrupt if there's a problem, you just won't be warned about it, for the copy I would personally use rsync, it allows resume if needed: rsync -av /mnt/disk2/ /mnt/disks/UD_disk_name/

It worked! Thank you!

I am having issues with the latest Docker image and i cannot access the application, if i look in the log file located at '/config/supervisord.log' then i see the following message:- '/usr/lib/jvm/java-8-openjdk/jre' is not a valid Java environment path Q. What does it mean and how can i fix it? A. See Q10 from the following link for the solution:- https://github.com/binhex/documentation/blob/master/docker/faq/general.md EDIT - unRAID 6.9.2 has just been released, this includes the latest version of Docker, which in turn includes the latest version of runc, so if you are seeing the message above then the simplest solution is to upgrade to v6.9.2

Thanks for trying that build for me mate. 5 hours into development I'm a bit of a zombie, but I got a build working in an Ubuntu 14.04 container with the correct drivers. If this one doesn't work I'm completely stumped. I'm just going to clean up my code and get a build on DockerHub, should be about another 20 mins, I'll tag you in a post. EDIT: @Lobsi all ready. Same process as usual, should just take an update, and then confirm it shows Ubuntu 14.04.02 in the logs. It's wayyy too many layers but that's why it took me more than 20 minutes, every time I started merging them I'd break something. Fingers crossed it sees your card! Yup, mine's sitting at 4318.41mb. It could be an error with my container but I'm getting the same hash rate as I was running it in a VM, I've never really noticed that it doesn't fill it up. EDIT: Sorry I'm half asleep 😂 that's around the current DAG size, so it's a good thing our memory is only half utilised otherwise we wouldn't be able to mine Eth for much longer.

I simply use the "Virtual Machine Wake On Lan" plugin. 🙂

I am so dumb, I looked and looked for it and couldn't find it. And 5 seconds after posting those screen shots, there it is, under the main tab. Thank you

Ich bin auf OnlyOffice umgestiegen, weil die Darstellung bei Collabora fehlerhaft war. (zB Buttons teilweise einfach nicht angezeigt) Ursprungsthread: https://forums.unraid.net/topic/101665-nextcloud-collabora-office-lokale-installation/?tab=comments#comment-937840&searchlight=1 Issuethread bei Collabora: (leider noch immer keine Rückmeldung) https://forum.collaboraonline.com/t/collabora-online-icons-not-shown-on-mobile-devices/164 Zusätzliche mobile Apps brauchst du bei beiden Lösungen nicht. -> Funktioniert mit der bestehenden Nextcloud App Wenn du in der Nextcloud App ein Dokument öffnest, kannst du es direkt OnTheFly bearbeiten. (Ähnlich wie GoogleDocs)

Oh yeah, meant to say I updated the Stats app and it's awesome now. It looks great...I was just happy to have the data, even in text....but to have it look nice is just icing on the cake! Looks great!

@ich777@steini84@Joly0 Both my systems seem to still be running well on latest unraid and latest ZFS. Both docker.img set as xfs and residing on ZFS SSD Mirror. I am nervous as to why or what changed and wondering what's different between mine and Joly0 - nevertheless it seems like we have a couple of different scenarios we should be able to work it out from.

SMART attributes are recorded by the drive firmware and can't be reset. You can acknowledge the current value by clicking on the SMART warning on the Dashboard page and it will warn again if it increases.

It’s found under Users in each password section. Good question

I seem to be getting an incompatible version error when connecting. Most of the posts on here involved restoring from backup, but this is a brand new server. I have even deleted the "worlds" folder so it recreates it. I do have 'validate' enabled to make sure the files are correct. Ports are forwarded, the server shows up on the main list. I've attached the logs. Edit: Ignore this. I had "valheim plus" enabled in the settings. Once I disabled it, I could connect to the server again. ValheimLogs.txt

Turns out we are a victim of our own success We planned for growth in certain areas of the system but a surge of sign-ins uncovered problems in an unexpected area. Thanks to everyone who installed the plugin and helped uncover this! We are actively working on this and intend to have everything back up later today. Your systems may connect and disconnect throughout the day but it won't hurt them. Please do update your Unraid.net plugin if you haven't already, the latest version has improved logic for disconnects / reconnects and plays a little nicer with mothership

Forward these ports to your TeamSpeak server: Voice: UDP 9987 Filetransfer: TCP 30033 Optional: ServerQuery (raw): TCP 10011 ServerQuery (SSH): 10022 WebQuery (HTTP): TCP 10080 WebQuery (HTTPS): TCP 10443 TSDNS: TCP 41144 From TeamSpeak self

In practical usage I haven't got big difference of dual / quad channel from 1866MT to 3000MT, so I don't care those speed much ( but heat generate in 1.35 was significant ) But a new add repurpose machine have major slow down on 10G network performance, the only difference is it run in single channel 2666MT, I am waiting a memory module RMA back then will got the answer.

You can buy RAM with JEDEC default settings for 3200, just an example: https://www.kingston.com/dataSheets/KVR32N22S6_8.pdf "Gamer" DIMMs usually default to 2133 or 2400 and you need to use the XMP profiles to set it higher, e.g.: https://www.kingston.com/dataSheets/HX432C16FB3_8.pdf I wouldn't really call that overclocking, though you can still I can do it since they usually use higher voltage because of the tighter timings, but worse would be using for example 3600 RAM on a CPU that officially only supports up to 3200.

Nice tips, I just wish it would be easier to setup KeysFile authentication and disable password authentication for the SSH. Just placing your pupkey in the UI and setting a checkbox to disable password auth would be nice. I currently have it setup like ken-ji describes here. Then i edited PasswordAuthentication to "no". Also think about a secure by default approach with future updates. Why not force the user to set a secure password on first load? Why even make shares public by default? Why allow "guest" to access SMB shares by default? Why create a share for the flash in the first place? I get that some of those things make it more convenient, but imo convenience should not compromise security.

Cx File Explorer is working great for me. I can download files from my share and upload files from my android to the share (Unraid). Also via VPN, can´t see any difference to the local network via wifi.

@limetech Seems like a bug with shfs itself: root@MediaStore:/mnt/user/Downloads# echo x > a root@MediaStore:/mnt/user/Downloads# chmod 600 a root@MediaStore:/mnt/user/Downloads# ls -l a -rw------- 1 root root 2 Mar 23 21:44 a root@MediaStore:/mnt/user/Downloads# ls -l /mnt/cache/Downloads/a -rw------- 1 root root 2 Mar 23 21:44 /mnt/cache/Downloads/a root@MediaStore:/mnt/user/Downloads# cat a x root@MediaStore:/mnt/user/Downloads# su nobody -s /bin/sh nobody@MediaStore:/mnt/user/Downloads$ cat a x nobody@MediaStore:/mnt/user/Downloads$ cat /mnt/cache/Downloads/a cat: /mnt/cache/Downloads/a: Permission denied nobody@MediaStore:/mnt/user/Downloads$ echo y > a nobody@MediaStore:/mnt/user/Downloads$ cat a y I hope this is not directly caused by Limetech's stance that Unraid is an appliance and should only have the root user. As this can cause breakage with NFS shares, ransomware protection and general stuff and use cases that expect file permissions to protect stuff

On Google Play you´ll find Network Browser which is not working on folder upload on my mobile (Samsung) it´s crashing with a black screen but works well transfering single files to my shares. I´ve posted the same issue in another language and will let you know as soon as I got something performing much better than NB...

In the Unraid GUI, go to Tools >>> Config File Editor and edit the file from that tool. Do the reboot from the Terminal that is built into the GUI.

I wish I could say the same. Postgres improved performance slightly (enough to actually notice) but not as much as I had been hoping for. Irs still slow to me. I do have thousands of files syncing and some plugins doing other services too

On my side, since 6.9: - Wake On LAN from sleep does not work, I need to manually go to the computer and press on. Seems going to sleep does not work as uptime restart from 0. - Wake On LAN from shutdown does work. This + the fact that activity on array isn't recognized, I must add disks manually.

I updated to tag 5.14.23-ls76 2 days ago, all been fine and note that this tag has not been changed for last 10 days so might be a semi ok version to tag if you want to upgrade. Will check in a week if there is any new ones or movement. P

Purchase Intel + NVIDIA for use with GPU / onboard audio pass through. AMD is notorious for having problems with pass through.

How do I use the Syslog Server? Beginning with release 6.7.0, there has been a syslog server functionality added to Unraid. This can be a very powerful diagnostic tool when you are confronted with a situation where the regular tools can not or do not capture information about about a problem because the server has become non-responsive, has rebooted, or spontaneously powered down. However, getting it set up to use has been confusing to many. Let's see if we clarify setting it up for use. Begin by going to Settings >>> Syslog Server This is the basic Syslog Server page: You can click on the 'Help' icon on the Toolbar and get more information for all of these three options. The first one to be considered for use is the Mirror syslog to flash: This one is the simplest to set up. You select 'Yes' from the dropdown box and click on the 'Apply' button and the syslog will be mirrored to logs folder/directory of the flash drive. There is one principal disadvantage to this method. If the condition, that you are trying to troubleshoot, takes days to weeks to occur, it can do a lot of writes to the flash drive. Some folks are hesitant to use the flash drive in this manner as it may shorten the life of the flash drive. This is how the setup screen looks when the Syslog Server is set up to mirror to the flash drive. The second option is use an external Syslog Server. This can be another Unraid server. You can also use virtually any other computer. You find the necessary software by googling for the syslog server <Operating system> After you have set up the computer/server, you fill in the computer/server name or the IP address. (I prefer to use the IP address as there is never any confusion about what it is.) The Click on the 'Apply' button and your syslog will be mirrored to the other computer. The principal disadvantage to this system is that the other computer has be left on continuously until the problem occurs. The third option uses a bit of trickery in that we use the Unraid server with the problem as the Local syslog server. Let's begin by setting up the Local syslog server. After changing the Local syslog server: dropdown to 'Enabled', the screen will look like this. Note that we have a new menu option-- Local syslog folder: This will be a share on the your server but chose it with care. Ideally, it will be a 'cache only' or a 'cache preferred' share. This will minimize the spinning up of disks due to the continuous writing of new lines to the syslog. A cache SSD drive would be the ideal choice here. (The folder that you see above is a 'cache preferred' share. The syslog will be in the root of that folder/share.) If you click the 'Apply button at this point, you will have this server setup to serve as a Remote Syslog Server. It can now capture syslogs from several computers if the need should arise. Now, we added the ip address of this server as the Remote syslog server (Remember the mention of trickery. So basically, you send data out-of-the-server and it comes-right-back-in.) This is what it looks now: As soon as you click on apply, the logging of your syslog will start to a file named (in this case) syslog-192.168.1.242.log in the root of the selected folder (in this case-- Folder_Tree). One very neat feature is that each entry are appended onto this file every time a new line is added to the syslog. This should mean if you have a reboot of the server after a week of collecting the syslog, you will have everything from before the reboot and after the reboot in one file! Thanks @bonienl for both writing this utility and the guidance in putting this together.