[Samba] VFS Audit to syslog-ng

Norbert Hanke norbert.hanke at gmx.ch
Sat Jan 30 16:51:39 UTC 2021


It's usually the local syslog daemon that forwards to a remote syslog
server.

To do so you have a /etc/rsyslogd.conf entry like

    # send dhcp/dyndns events to remote syslog
    local7.*;*.notice        @@loghost

where loghost is the name of the syslog server.

On that loghost you need to enable listening to the network in the same
file with

    # provides TCP syslog reception
    module(load="imtcp")
    input(type="imtcp" port="514")

and if you want to tell apart the systems where log entries come from
you typically have something like

    $template loghost,"%timereported% %HOSTNAME% %PRI-text% %syslogtag%%msg%\n"
    $ActionFileDefaultTemplate loghost

On 30.01.2021 13:42, Selahattin CILEK via samba wrote:
>
> Is there a way of sending logs over the network – to some syslog-ng
> server, for example – instead of handing them to syslog?
>
> Would something like this work:
>
>     full_audit:facility = udp://192.168.0.1:5140

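Added example, not part of the original message: an smb.conf fragment that keeps full_audit writing to the local syslog daemon, on the local7 facility that the forwarding rule in the reply above already selects. The share name, path, prefix and operation lists are assumptions chosen for illustration.

```ini
# smb.conf on the Samba server (constructed example)
[audited]
    # hypothetical share name and path
    path = /srv/samba/audited
    vfs objects = full_audit

    # full_audit:facility takes a syslog facility name, not a URL.
    # local7 is matched by the "local7.*" selector in the reply's rule
    #     local7.*;*.notice        @@loghost
    # so the local rsyslog daemon does the network transport.
    full_audit:facility = local7
    full_audit:priority = notice

    # Prepended to each audit record: user, client IP, share name
    full_audit:prefix = %u|%I|%S

    # Operations to record; names of other operations differ between
    # Samba versions, so check vfs_full_audit(8) for the installed release.
    full_audit:success = connect disconnect
    full_audit:failure = connect

# In the rsyslog rule, "@@loghost" forwards over TCP and a single
# "@loghost" forwards over UDP; a non-default port is written as
# "@@loghost:5140".
```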
