SMB Monitoring (Linux Only)
GuardMode can monitor SMB shares on Linux systems to detect file operations. This feature requires additional configuration and has specific compatibility requirements.
Requirements
- Linux operating system
- SMB client version 4.10 or earlier
- Pre-configured Samba instance
- Configured
rsyslogforwarding
Configuration
The feature is disabled by default. To enable SMB share monitoring:
- Configure
rsyslogto forward Samba logs to GuardMode Agent
See also.
For details on configuring rsyslog, see Configuring GuardMode Agent for SAMBA setup.
- Enable the feature in GuardMode Agent configuration.
Note.
The GuardMode agent must be installed on the server hosting the SMB shares for proper monitoring.