SMB Monitoring (Linux Only)

GuardMode can monitor SMB shares on Linux systems to detect file operations. This feature requires additional configuration and has specific compatibility requirements.

Requirements

  • Linux operating system

  • SMB client version 4.10 or earlier

  • Pre-configured Samba instance

  • Configured rsyslog forwarding

Configuration

The feature is disabled by default. To enable SMB share monitoring:

  1. Configure rsyslog to forward Samba logs to GuardMode Agent

  1. Enable the feature in GuardMode Agent configuration.

Last updated