Security event logs transfer via syslog

Logged events:

  • system login/logout operations
  • account management operations
  • user access and privileges management operations
  • changes to configuration settings
  • system errors

To send DerScanner security event logs to a different location as .cef files:

  1. Open /opt/derscanner/app/configs/backend.env.

  2. Add three environment variables:

    • syslog.host — IP address of the recipient server
    • syslog.port — port that will be used for data transmission
    • syslog.protocol — protocol that will be used for data transmission

    For example:

    syslog.host=10.208.1.1
    syslog.port=514
    syslog.protocol=TCP
  3. Save the changes.

  4. Restart the APP module service:

    sudo systemctl restart derscanner-app
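
A pre-restart check for step 2, as an added example that is not part of DerScanner or its documentation: it reads the three syslog.* keys from the file and reports any that are missing or malformed. The function names are hypothetical; it assumes an IPv4 address as in the example above and that TCP and UDP are the accepted protocol values (the page itself only shows TCP).

```shell
#!/bin/sh
# Added example: validate the syslog.* keys in backend.env before restarting
# derscanner-app. Helper names are hypothetical, not part of DerScanner.

# Print the value of the last "key=value" line for key $1 in file $2.
get_key() {
    awk -v k="$1" '{
        line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
        if (index(line, k "=") == 1) v = substr(line, length(k) + 2)
    } END { print v }' "$2"
}

# Succeed only for a dotted-quad IPv4 address with octets in 0-255.
is_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Succeed only for a decimal port number in 1-65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Return 0 if all three keys are present and well-formed, 1 if any is not,
# 2 if the file cannot be read. Problems are reported on stderr.
check_syslog_env() {
    file=$1; rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    host=$(get_key syslog.host "$file")
    port=$(get_key syslog.port "$file")
    proto=$(get_key syslog.protocol "$file")
    is_ipv4 "$host" || { echo "syslog.host missing or not IPv4: '$host'" >&2; rc=1; }
    is_port "$port" || { echo "syslog.port missing or not 1-65535: '$port'" >&2; rc=1; }
    case "$proto" in
        TCP|UDP) ;;   # assumption: these are the accepted values
        *) echo "syslog.protocol missing or unexpected: '$proto'" >&2; rc=1 ;;
    esac
    return "$rc"
}

# When a path is given on the command line, check that file.
[ "$#" -eq 0 ] || check_syslog_env "$1"
```

Run it with /opt/derscanner/app/configs/backend.env as the argument after step 3; a non-zero exit status means at least one key needs correcting before the restart.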