Yesterday at 01:18 PM1 day Hello happy people. I am looking into the OpenCanary app on Unraid and I want to monitor a specific SMB share so I get alerts if anything changes something in that share. What I ultimately want is a process that stops the array if the honeypot is engaged in case of ransomware. Reading up on setup, I notice that a key part of the configuration is full_audit in the SMB config. Per the OpenCanary setup for SMB ... vfs object = full_audit full_audit:prefix = %U|%I|%i|%m|%S|%L|%R|%a|%T|%D full_audit:success = flistxattr full_audit:failure = none full_audit:facility = local7 full_audit:priority = noticeI am wondering if this would be a logging nightmare that causes server crashes?
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.