AnsweredAssumed Answered

File Audit

Question asked by Vahap Altay on Aug 18, 2014
Latest reply on Oct 23, 2014 by Michael Ratner

Hi,

I want to send Windows Audit log files to Syslog server. We did below that. It is working but I can see only 560 - open handle and 562 - close handle. How can I see 563 - open handle for delete and 564 - delete on windows logserver?

The NAS server logs Object Access events 560 ,562, 563 and 564.

 

 

To send file system audit events to a syslog server "logserver" using the "auth" facility:

 

audit-syslog add logserver auth

 

To show the current configuration:

 

$ audit-syslog list

 

Server:   logserver

 

Facility: auth (4)

 

 

--------------------------------------

 

Outcomes