SMB Monitoring (Linux Only)

GuardMode can monitor SMB shares on Linux systems to detect file operations. This feature requires additional configuration and has specific compatibility requirements.

Requirements

  • Linux operating system

  • SMB client version 4.10 or earlier

  • Pre-configured Samba instance

  • Configured rsyslog forwarding

Configuration

The feature is disabled by default. To enable SMB share monitoring:

  1. Configure rsyslog to forward Samba logs to GuardMode Agent

See also. For details on configuring rsyslog, see Configuring GuardMode Agent for SAMBA setup.

  1. Enable the feature in GuardMode Agent configuration.

Note. The GuardMode agent must be installed on the server hosting the SMB shares for proper monitoring.

PreviousSecurity Incident DetectionNextEvent Reports