[Samba] VFS Audit to syslog-ng

Norbert Hanke norbert.hanke at gmx.ch
Sat Jan 30 16:51:39 UTC 2021

It's usually the local syslog daemon that forwards to a remote syslog

To do so you have a /etc/rsyslogd.conf entry like

    # send dhcp/dyndns events to remote syslog
    local7.*;*.notice        @@loghost

where loghost is the name of the the syslog server.

On that loghost you need to enable listening to the network in the same
file with

# provides TCP syslog reception
input(type="imtcp" port="514")

and if you want to tell apart the systems where log entries come from
you typically have something like

$template loghost,"%timereported% %HOSTNAME% %PRI-text% %syslogtag%%msg%\n"
$ActionFileDefaultTemplate loghost

On 30.01.2021 13:42, Selahattin CILEK via samba wrote:
> Is there a way of sending logs over the network – to some syslog-ng
> server, for example – instead of handing them to syslog?||
> |Would something like this work:|
> |full_audit:facility = udp:// |
> ||||
> ||

More information about the samba mailing list