Logging when multiple members assign rights using Dataset -> ACL

Hello Community,

I hope everyone is doing well!

We have a setup where multiple users with root access are involved in managing TrueNAS, and we want to ensure we can track and audit any modifications made to the ACLs on datasets. Specifically, we want to know from which IP address or computer name the ACL changes are being made.

Is there a way in TrueNAS to log the following:

The IP address or hostname of the system making ACL modifications on datasets.
The time and details of these modifications (such as user/group changes, permissions, etc.).

We are currently looking for a method to capture this level of detail in the system logs or set up specific auditing for these actions. Any advice or configuration steps to achieve this would be greatly appreciated!

I think Audit logging will handle most of this, if not all:

Changes made via our API / UI are entered into the audit log as of 24.10. If you expose the path via SMB then you may also want to set up separate auditing on a per-share basis.

Thanks for the quick response. We have TrueNAS CORE, version TrueNAS-13.0-U6.2.

Could you please advise whether I need to enable it anywhere, or add any Auxiliary Parameters? (Currently I have these parameters on every shared folder → vfs objects = full_audit streams_xattr zfsacl)

and at the SMB level, the parameters below:
full_audit:prefix = USER=%u|IP=%I|%m|SHARE=%S|%P
full_audit:failure = connect
full_audit:success = unlinkat linkat
full_audit:facility = local5
full_audit:priority = NOTICE
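
An added example, not part of the thread or of TrueNAS: a parser for syslog lines shaped by the `full_audit:prefix` quoted above, which pulls out the user, client IP and machine name for ACL writes and shows that a success list of `unlinkat linkat` would not record them. It covers SMB clients only. Assumptions: the module appends `|operation|result|argument` after the prefix, `fset_nt_acl` is the Samba operation name for an NT ACL write, and the log lines are constructed samples.

```python
import re

# Prefix from the post: USER=%u|IP=%I|%m|SHARE=%S|%P
# Assumption: the module appends |operation|result|argument after the prefix.
LINE_RE = re.compile(
    r"USER=(?P<user>[^|]*)\|IP=(?P<ip>[^|]*)\|(?P<machine>[^|]*)"
    r"\|SHARE=(?P<share>[^|]*)\|(?P<share_path>[^|]*)"
    r"\|(?P<op>[^|]+)\|(?P<result>[^|]+)(?:\|(?P<args>.*))?$"
)

# Operations named in the post's full_audit:success line.
CONFIGURED_SUCCESS_OPS = {"unlinkat", "linkat"}
# vfs_full_audit operation for writing an NT ACL (not mentioned in the thread).
ACL_WRITE_OPS = {"fset_nt_acl"}

# Constructed sample syslog lines, not taken from a real system.
SAMPLE_LOG = """\
Jan 10 09:14:02 nas smbd_audit[4121]: USER=alice|IP=192.0.2.10|ws-alice|SHARE=projects|/mnt/tank/projects|unlinkat|ok|old/report.docx
Jan 10 09:15:40 nas smbd_audit[4121]: USER=bob|IP=192.0.2.23|ws-bob|SHARE=projects|/mnt/tank/projects|fset_nt_acl|ok|finance
Jan 10 09:16:05 nas smbd_audit[4130]: USER=carol|IP=192.0.2.31|ws-carol|SHARE=projects|/mnt/tank/projects|connect|fail (Permission denied)|projects
Jan 10 09:17:00 nas kernel: unrelated message
"""


def parse_line(line):
    """Return the audit fields as a dict, or None for non-audit lines."""
    match = LINE_RE.search(line)
    return match.groupdict() if match else None


def acl_changes(lines):
    """Successful ACL writes, each with the client user, IP and machine name."""
    records = (parse_line(line) for line in lines)
    return [r for r in records
            if r and r["op"] in ACL_WRITE_OPS and r["result"].startswith("ok")]


def unlogged_acl_ops():
    """ACL operations the quoted success list would never record."""
    return ACL_WRITE_OPS - CONFIGURED_SUCCESS_OPS


if __name__ == "__main__":
    for rec in acl_changes(SAMPLE_LOG.splitlines()):
        print(rec["user"], rec["ip"], rec["machine"], rec["share"], rec["args"])
    print("not covered by full_audit:success:", sorted(unlogged_acl_ops()))
```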

Manually enabling aux parms is not supported, nor recommended. If you want this functionality, suggest an upgrade to 24.10 version as soon as you can.

It’s SCALE, right? No option on CORE?

Correct.

SMB auditing is in SCALE (and your auxiliary parameters will break it so remove those). UI/API auditing was introduced in 24.10.