AnsweredAssumed Answered

File Audit

Question asked by Vahap Altay on Aug 18, 2014
Latest reply on Oct 23, 2014 by Michael Ratner


I want to send Windows Audit log files to Syslog server. We did below that. It is working but I can see only 560 - open handle and 562 - close handle. How can I see 563 - open handle for delete and 564 - delete on windows logserver?

The NAS server logs Object Access events 560 ,562, 563 and 564.



To send file system audit events to a syslog server "logserver" using the "auth" facility:


audit-syslog add logserver auth


To show the current configuration:


$ audit-syslog list


Server:   logserver


Facility: auth (4)