SMB Monitoring (Linux Only)

GuardMode can monitor SMB shares on Linux systems to detect file operations. This feature requires additional configuration and has specific compatibility requirements.

Requirements

Linux operating system
SMB client version 4.10 or earlier
Pre-configured Samba instance
Configured rsyslog forwarding

Configuration

The feature is disabled by default. To enable SMB share monitoring:

Configure rsyslog to forward Samba logs to GuardMode Agent

See also. For details on configuring rsyslog, see .

Enable the feature in .

Note. The GuardMode agent must be installed on the server hosting the SMB shares for proper monitoring.

PreviousSecurity Incident Detection NextEvent Reports

Last updated 5 months ago