SMB Monitoring (Linux Only)

GuardMode can monitor SMB shares on Linux systems to detect file operations. This feature requires additional configuration and has specific compatibility requirements.

Requirements

• Linux operating system

• SMB client version 4.10 or earlier

• Pre-configured Samba instance

• Configured rsyslog forwarding

Configuration

The feature is disabled by default. To enable SMB share monitoring:

1. Configure rsyslog to forward Samba logs to GuardMode Agent

1. Enable the feature in GuardMode Agent configuration.