PlainNAS keeps a small, bounded event log intended for security + troubleshooting. This is a lightweight audit trail for high-level system actions (not a full filesystem activity log).
In the web UI:
- Settings → Events
- Stored in PlainNAS runtime data under
/var/lib/plainnas/. - The log is bounded (keeps up to the most recent ~1000 events).
The log focuses on a small set of high-signal actions:
login/logout/revoke(session revocation)login_failed(failed authentication/decryption)mount/unmountmount_failedformat_disk/format_disk_failed
Notes:
- Event messages are intentionally short and should not contain secrets (passwords, tokens, request bodies).
- Events are best-effort (e.g. if the DB is unavailable, the system continues running).
The Sessions settings page includes lastActive, which updates when PlainNAS successfully decrypts authenticated GraphQL requests for that session.