Enable SMB logging on encrypted drives

Jawab · July 21, 2025, 1:57pm

Your Operating System you are using to access your NAS: Ubuntu 22.04

NAS model: QNAP TS-673A

Firmware Version/Build numbers - QTS 5.2.5.3162 (latest)

Network Setup (ie Single Port or Port Trunking): Single Port

We’re running a QNAP device with encrypted volumes and are trying to enable SMB logging for auditing purposes. However, when we attempt to enable SMB under Log Settings > Connection Types, we receive the following error message under Log Data Location:

“Input error. The destination is not supported. Logs can only be saved on an unencrypted local volume/storage space with at least 10% of free space.”

Due to this limitation, we’re unable to store SMB logs directly on the encrypted volume.

To work around this, we have configured an external syslog server, and HTTPS logs are being successfully forwarded. However, SMB-related logs are not being transmitted to the external syslog server.

Unfortunately, decrypting the volume is not an option, as doing so would result in data loss.

We’re seeking any alternative methods or workarounds to capture SMB logging activity on a QNAP system with encrypted volumes. Logging SMB events is crucial for our auditing and compliance requirements.

We would greatly appreciate your input.

dolbyman · July 21, 2025, 2:06pm

If you are afraid of data loss, make sure you create or improve your backup strategy.

Creating a volume without an encryption is not an option ? (unknown if pools are used)

NA9D · July 21, 2025, 4:29pm

Is it possible that instead of using an encrypted volume you could just use encrypted folders instead?

Also, would NFS work for you as a protocol instead of Samba? I don’t know if that has logging or would be any better, but just thought I would throw it out there.

Jawab · July 21, 2025, 5:04pm

Are there logs that are being collected behind the scenes for smb?

I am asking since when we check the processes related to “smbd” inside NAS, we see the following entries:

18178 username 8844 S /usr/local/samba/sbin/smbd -l /var/log -D -s /etc/config/smb.conf

From smbd doc (https://www.samba.org/samba/docs/current/man-html/smbd.8.html), smbd’s “-l” argument should be saving logs in the folder /var/log with the name /var/log/log.smbd. But there is nothing useful in there, probably because /etc/config/smb.conf is not a setup right.

So with this background would be worth trying to manually setup the smb.conf (https://wiki.samba.org/index.php/Configuring_Logging_on_a_Samba_Server) to enable logging (even inside encrypted volume). Or might we create unforeseen side effects?

dolbyman · July 21, 2025, 5:06pm

You can try, not sure if SMB.conf would be one of the items rebuild on every reboot through (so you would have to put the modifications in your startup script)

TimL · July 24, 2025, 8:50am

Hi Jawab,

If we make it possible to configure the log data to be stored in an encrypted volume, would this meet your auditing requirements? Please note that logs cannot be accessed when the volume is locked. To ensure continuous logging, the encrypted volume would need to be set to auto-unlock on startup.