TrueNAS SCALETrueNAS SCALE Nightly Development Documentation
This content follows experimental early release software. Use the Product and Version selectors above to view content specific to a stable software release.

Advanced Settings Screen

Advanced settings have reasonable defaults in place. A warning message displays for some settings advising of the dangers of making changes. Changing advanced settings can be dangerous when done incorrectly. Use caution before saving changes.

Make sure you are comfortable with ZFS, Linux, and system configuration, backup, and restoration before making any changes.

The Advanced settings screen provides configuration options for the console, syslog, audit, kernel, sysctl, storage (system dataset pool), replication, WebSocket sessions, cron jobs, init/shutdown scripts, allowed IP addresses, isolated GPU device(s), self-encrypting drives, and global two-factor authentication.

Save Debug saves a system debug file to the local machine.

SCALE Advanced Settings Screen
Figure 1: SCALE Advanced Settings Screen
SCALE Advanced Settings Screen
Figure 2: SCALE Advanced Settings Screen

Console Widget

The Console widget displays the current console settings for TrueNAS.

Console Widget
Figure 3: Console Widget

Configure opens the Console configuration screen.

Console Configuration Screen

Console settings configure how the Console Setup menu displays, the serial port it uses and the port speed, and the banner users see when accessing it.

Console Config Screen
Figure 4: Console Config Screen
Console Settings
Show Text Console without Password PromptSelect to display the console without being prompted to enter a password. Leave cleared to add a login prompt to the system before showing the console menu. Selected by default.
Enable Serial ConsoleSelect to enable the serial console. Selected by default. Clear this if the serial port is disabled.
Serial PortShows the default serial port. If using a port other than the default, enter the serial console port address.
Serial SpeedShows the default serial port speed. If not using the default speed, select the speed (in bits per second) the serial port uses from the dropdown list. Options are 9600, 19200, 38400, 57600, or 115200.
MOTD BannerEnter the message you want to display when a user logs in with SSH. The default banner message is Welcome to TrueNAS.

Syslog Widget

The Syslog widget displays the existing system logging settings that specify how and when the system sends log messages to the syslog server.

Syslog Widget
Figure 5: Syslog Widget

Configure opens the Syslog configuration screen.

Syslog Configuration Screen

The Syslog settings specify the logging level the system uses to record system events to the boot device. There are also options to configure a remote syslog server for recording system events.

Syslog Config Screen
Figure 6: Syslog Config Screen
Syslog Settings
Use FQDN for LoggingSelect to include the fully qualified domain name (FQDN) in logs to identify systems with similar host names.
Syslog LevelSelect the minimum log priority level to send to the remote syslog server. The system only sends logs at or above this level.
Syslog ServerEnter the remote syslog server DNS hostname or IP address. Add a colon and the port number to the hostname to use non-standard port numbers, like mysyslogserver:1928. Log entries are written to local logs and sent to the remote syslog server.
Syslog TransportEnter the transport protocol for the remote system log server connection. Selecting Transport Layer Security (TLS) displays the Syslog TLS Certificate and Syslog TSL Certificate Authority fields. This setting requires preconfiguring both the server system certificate and the certificate authority (CA).
Syslog TLS CertificateDisplays after selecting TLS in Syslog Transport. Select the transport protocol for the remote system log server TLS certificate from the dropdown list. Select the default or add the certificate and CA for the server using the Credentials > Certificates screen Certificates widget.
Syslog TLS Certificate AuthorityDisplays after selecting TLS in Syslog Transport. Select the TLS CA for the TLS server from the dropdown list. If not using the default, create the CA for the systlog server TLS certificate on the Credentials > Certificates > Certificate Authorities screen.
Include Audit LogsSelect to enable audit logging.

Audit Widget

The Audit widget displays the current audit storage and retention policy settings. The public-facing API allows querying audit records, exporting audit reports, and configuring audit dataset settings and retention periods.

Advanced System Setting Audit Widget
Figure 7: Advanced System Setting Audit Widget

Configure Auditing

The Audit configuration screen sets the retention period, reservation size, quota size and percentage of used space in the audit dataset that triggers warning and critical alerts.

Audit Settings
Retention (in days)Enter the number of days to retain local audit messages.
Reservation (in GiB)Enter the size (in GiB) of reserved space to allocate on the ZFS dataset where the audit databases are stored. The reservation specifies the minimum amount of space guaranteed to the dataset, and counts against the space available for other datasets in the zpool where the audit dataset is located. To disable, enter zero (0).
Quota (in GiB)Enter the size (in GiB) of the maximum amount of space that can be consumed by the dataset where the audit databases are stored. To disable, enter zero (0).
Quota Fill Warning (in %)Enter a percentage threshold. TrueNAS generates a warning level alert when the dataset quota reaches that capacity used. Allowed range: 5 - 80.
Quota Fill Critical (in %)Enter a percentage threshold. TrueNAS generates a critical level alert when the dataset quota reaches that capacity used. Allowed range: 50 - 95.

Click Configure to open the Audit configuration screen and manage storage and retention policies

Kernel Widget

The Kernel widget shows options for configuring the Linux kernel installed with TrueNAS SCALE.

Kernel Widget
Figure 9: Kernel Widget
Kernel Settings
Enable Debug KernelSet to boot a debug kernel after the next system reboot.

Cron Jobs Widget

The Cron Jobs widget displays No Cron Jobs configured until you add a cron job, then it shows the information on cron job(s) configured on the system.

Cron Job Widget
Figure 10: Cron Job Widget

Add opens the Add Cron Job configuration screen.

Click on any job listed in the widget to open the Edit Cron Jobs configuration screen populated with the settings for that cron job.

Add or Edit Cron Job Configuration Screen

The Add Cron Job and Edit Cron Job configuration screens display the same settings.

Cron Jobs lets users configure jobs that run specific commands or scripts on a regular schedule using cron(8). Cron jobs help users run repetitive tasks.

Add Cron Job Screen
Figure 11: Add Cron Job Screen
Cron Job Settings
DescriptionEnter a description for the cron job.
CommandEnter the full path to the command or script to run. For example, to create a command string that generates a list of users on the system and write that list to a file, enter cat /etc/passwd > users_$(date +%F).txt
Run As UserSelect a user account to run the command. The user must have permissions allowing them to run the command or script.
ScheduleSelect a schedule preset or choose Custom to open the advanced scheduler. Note that an in-progress cron task postpones any later scheduled instance of the same task until the running task is complete.
Hide Standard OutputSelect to hide standard output (stdout) from the command. If left cleared, TrueNAS mails any standard output to the user account cron that ran the command.
Hide Standard ErrorSelect to hide error output (stderr) from the command. If left cleared, TrueNAS mails any error output to the user account cron that ran the command.
EnabledSelect to enable this cron job. Leave cleared to disable the cron job without deleting it.

Init/Shutdown Scripts Widget

The Init/Shutdown Scripts widget displays No Init/Shutdown Scripts configured until you add either a command or script, then the widget lists the scrips configured on the system.

Init/Shutdown Scripts Widget
Figure 12: Init/Shutdown Scripts Widget

Add opens the Add Init/Shutdown Script configuration screen. Any script listed is a link that opens the Edit Init/Shutdown Script configuration screen populated with the settings for that script.

Add or Edit Init/Shutdown Script Configuration Screens

Init/Shutdown Scripts lets users schedule commands or scripts to run at system startup or shutdown.

Add Init/Shutdown Scripts
Figure 13: Add Init/Shutdown Scripts
Init/Shutdown Script Settings
DescriptionComments about this script.
TypeSelect Command for an executable or Script for an executable script.
CommandEnter the command with any options.
ScriptSelect the script. The script runs using dash(1).
WhenSelect when the command or script runs from the dropdown list. Options are Pre Init for early in the boot process, after mounting file systems and starting networking. Post Init runs at the end of the boot process before Linux services start. Shutdown runs during the system power-off process.
EnabledSelect to enable this script. When left cleared, it disables the script without deleting it.
TimeoutAutomatically stop the script or command after the specified number of seconds.

Sysctl Widget

The Sysctl widget displays either No Sysctl configured or the existing sysctl settings on the system.

Sysctl Widget
Figure 14: Sysctl Widget

Add to add a tunable that configures a kernel module parameter at runtime.

Add or Edit Sysctl Configuration Screen

The Add Sysctl or Edit Sysctl configuration screen settings let users set up tunables that configure kernel parameters at runtime.

Sysctl Config Screen
Figure 15: Sysctl Config Screen
Sysctl Settings
VariableEnter the name of the sysctl variable to configure. Sysctl tunables configure kernel parameters while the system runs and generally take effect immediately.
ValueEnter a sysctl value to use for the loader, sysctl variable.
DescriptionEnter a description for the tunable.
EnabledSelect to enable this tunable. Leave clear to disable this tunable without deleting it.

Storage Widget

Storage widget displays the pool configured as the system dataset pool and allows users to select the storage pool they want to hold the system dataset. The system dataset stores core files for debugging and keys for encrypted pools. It also stores Samba4 metadata, such as the user and group cache and share-level permissions.

Storage Widget
Figure 16: Storage Widget

Configure opens the Storage Settings configuration screen.

Storage Settings Configuration Screen

If the system has one pool, TrueNAS configures that pool as the system dataset pool. If your system has more than one pool, you can set the system dataset pool using the Select Pool dropdown. Users can move the system dataset to an unencrypted pool, or an encrypted pool without passphrases.

System Dataset Pool Config Screen
Figure 17: System Dataset Pool Config Screen

Users can move the system dataset to a key-encrypted pool, but cannot change the pool encryption type afterward. If the encrypted pool already has a passphrase set, you cannot move the system dataset to that pool.

Replication Widget

The Replication widget displays the number of replication tasks that can execute simultaneously on the system. It allows users to adjust the maximum number of replication tasks the system can perform simultaneously.

Replication Widget
Figure 18: Replication Widget

Click Configure to open the Replication configuration screen.

Replication Config Screen
Figure 19: Replication Config Screen

Enter a number for the maximum number of simultaneous replication tasks you want to allow the system to process and click Save.

Access Widget

The Access widget displays a list of all active sessions, including the user who initiated the session and what time it started. It also displays the Token Lifetime setting for your current session. It allows administrators to manage other active sessions and to configure the token lifetime for their account.

Access Widget
Figure 20: Access Widget

Terminate Other Sessions ends all sessions except for the one you are currently using. You can also end individual sessions by clicking the logout icon next to that session if it is not the admin user session. You must check a confirmation box before the system allows you to end sessions.

The logout button is inactive for your current session and active for all other current sessions. It cannot be used to terminate your current session.

Token Lifetime displays the configured token duration for your current session (default five minutes). TrueNAS SCALE logs out user sessions that are inactive for longer than the configured token setting. New activity resets the token counter.

If the configured token lifetime is exceeded, TrueNAS SCALE displays a Logout dialog with the exceeded ticket lifetime value and the time that the session is scheduled to terminate.

Logout Dialog

Extend Session resets the token counter. If the button is not clicked, the TrueNAS SCALE terminates the session automatically and returns to the login screen.

Configure opens the Token Settings screen.

Token Settings Screen

The Token Settings screen allows users to configure the Token Lifetime for the current account.

Token Settings Screen
Figure 22: Token Settings Screen

Select a value that fits your needs and security requirements. Enter the value in seconds.

The default lifetime setting is 300 seconds or five minutes.

The maximum is 2147482 seconds, or 24 days, 20 hours, 31 minutes, and 22 seconds.

Allowed IP Addresses Widget

The Allowed IP Addresses widget displays IP addresses and networks added to the system that are allowed to use the API and UI. If this list is empty, then all IP addresses are allowed to use API and UI.

Allowed IP Addresses Widget
Figure 23: Allowed IP Addresses Widget

Configure opens the Allowed IP Addresses configuration screen.

Entering an IP address to the allowed IP address list denies access to the UI or API for all other IP addresses not listed.

Use only if you want to limit system access to a single or limited number of IP addresses. Leave the list blank to allow all IP addresses.

Click Add next to Allowed IP Addresses to add an entry to the allowed IP Addresses list. Ensure the first address and/or subnet includes your current client system.

You can enter a specific IP address, for example,, for individual access, or use an IP address with a subnet mask, like, to define a range of addresses.

You can add as many addresses as needed.

Click Save. A Restart Web Service dialog opens. Select Confirm and then Continue to restart the web UI and apply changes.

Self-Encrypting Drive Widget

The Self-Encrypting Drive (SED) widget displays the system ATA security user and password.

Self-Encrypting Drive Widget
Figure 24: Self-Encrypting Drive Widget

Configure opens the Self-Encrypting Drive configuration screen.

Self-Encrypting Drive Configuration Screen

The Self-Encrypting Drive configuration screen allows users to set the ATA security user and create a SED global password.

Self-Encrypting Drive Config Screen
Figure 25: Self-Encrypting Drive Config Screen
Self-Encrypting Drive Settings
ATA Security UserSelect the user passed to camcontrol security -u to unlock SEDs from the dropdown list. Options are USER or MASTER.
SED PasswordEnter the global password to unlock SEDs.
Confirm SED PasswordRe-enter the global password to unlock SEDs.

Isolated GPU Device(s) Widget

The Isolated GPU Device(s) widget displays any isolated graphics processing unit (GPU) device(s) configured on your system.

Isolated GPU Device Widget
Figure 26: Isolated GPU Device Widget

Configure opens the Isolated GPU PCI Ids screen, which allows users to isolate additional GPU devices.

Isolated GPU PCI IDs Configuration Screen

The Isolate GPU PCI IDs configuration screen allows you to isolate GPU devices for a virtual machine (VM).

To isolate a GPU, you must have at least two in your system; one allocated to the host system for system functions and/or applications, and the other available to isolate for use by a VM.

Isolated GPU PCI Ids Screen
Figure 27: Isolated GPU PCI Ids Screen

Select the GPU device ID from the dropdown list and click Save.

Isolated GPU devices are reserved for use by configured applications or a VM.

To allocate an isolated GPU device, select it while creating or editing the VM configuration. When allocated to a VM, the isolated GPU connects to the VM as if it were physically installed in that VM and becomes unavailable for any other allocations.

Global Two Factor Authentication Widget

The Global Two Factor Authentication widget allows you to set up two-factor authentication (2FA) for your system.

Global Two Factor Authentication Widget
Figure 28: Global Two Factor Authentication Settings Widget

Configure opens the Global Two Factor Authentication Settings configuration screen.

Global Two Factor Authentication Settings Screen
Figure 29: Global Two Factor Authentication Settings Screen
Global Two Factor Authentication Settings
Enable Two-Factor Authentication GloballySelect to enable 2FA for the system.
WindowEnter the number of valid passwords. Extends password validity beyond the current to the previous password(s) based on the number entered. For example, setting this to 1 means the current and previous passwords are valid. If the previous password is a and the current password is b, then both passwords are valid. If set to 2, the current password (c ) and the two previous passwords (a and b) are valid. Setting this to 3 works the same. Extending the window is useful in high-latency situations.
Enable Two-Factor Auth for SSHSelect to enable 2FA for system SSH access. Leave this disabled until you complete a successful test of 2FA with the UI.

System Security Widget

TrueNAS Enterprise

The System Security widget allows administrators of Enterprise-licensed systems to enable or disable FIPS 140-2 compliant algorithms. This requires a system reboot to apply the settings. High Availability (HA) systems reboot the standby controller and then prompt to failover and reboot the primary controller.

Settings opens the System Security configuration screen.

Click the Enable FIPS toggle to enable or disable enforcement, then click Save. The system prompts to reboot (or failover for HA systems) to apply the settings.