samba - Jan 2021 - VFS Audit to syslog-ng

Is there a way of sending logs over the network ? to some syslog-ng 
server, for example ? instead of handing them to syslog?||

|Would something like this work:|

|full_audit:facility = udp://192.168.0.1:5140 |


||||

||



-- 
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

It's usually the local syslog daemon that forwards to a remote syslog
server.

To do so you have a /etc/rsyslogd.conf entry like

 ?? # send dhcp/dyndns events to remote syslog
 ?? local7.*;*.notice??????? @@loghost

where loghost is the name of the the syslog server.

On that loghost you need to enable listening to the network in the same
file with

# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")

and if you want to tell apart the systems where log entries come from
you typically have something like

$template loghost,"%timereported% %HOSTNAME% %PRI-text%
%syslogtag%%msg%\n"
$ActionFileDefaultTemplate loghost

On 30.01.2021 13:42, Selahattin CILEK via samba wrote:
>
> Is there a way of sending logs over the network ? to some syslog-ng
> server, for example ? instead of handing them to syslog?||
>
> |Would something like this work:|
>
> |full_audit:facility = udp://192.168.0.1:5140 |
>
>
> ||||
>
> ||
>
>
>

Why don't you use journald? You can set up a log-host with it

Am 30.01.21 um 13:42 schrieb Selahattin CILEK via samba:
>
> Is there a way of sending logs over the network ? to some syslog-ng
> server, for example ? instead of handing them to syslog?||
>
> |Would something like this work:|
>
> |full_audit:facility = udp://192.168.0.1:5140 |
>
>
> ||||
>
> ||
>
>
>
-- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren und sch?tzt Ihre Privatsph?re.
Ein kostenfreies Zertifikat erhalten Sie unter
https://www.dgn.de/dgncert/index.html