Security event logs transfer via syslog
Logged events:
- system login/logout operations
- account management operations
- user access and privileges management operations
- changes to configuration settings
- system errors
To send DerScanner security event logs to a different location as .cef files:
- Open /opt/derscanner/app/configs/backend.env.
- Add three environment variables:
  - syslog.host — IP address of the recipient server
  - syslog.port — port that will be used for data transmission
  - syslog.protocol — protocol that will be used for data transmission
  For example:
  syslog.host=10.208.1.1
  syslog.port=514
  syslog.protocol=TCP
- Save changes.
- Restart APP module service:
  sudo systemctl restart derscanner-app
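
A check that can be run after saving backend.env and before restarting the service, to confirm the three syslog settings are present and the port is usable. This is an added example, not part of DerScanner; the function names get_setting and check_syslog_env are made up for it.

```shell
#!/bin/sh
# Added example: validate the syslog.* settings in backend.env.
# Usage: check_syslog_env /opt/derscanner/app/configs/backend.env

# Print the value of the last uncommented KEY=VALUE line for a key.
# The keys contain dots, so the file cannot simply be sourced by the shell.
get_setting() {
    # $1 = file, $2 = key
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }                      # skip commented-out lines
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        key == k && index($0, "=") > 0 { val = substr($0, index($0, "=") + 1) }
        END { gsub(/^[ \t]+|[ \t\r]+$/, "", val); print val }
    ' "$1"
}

# Return 0 when host, port and protocol are all set and the port is 1-65535.
check_syslog_env() {
    env_file="$1"
    rc=0
    [ -r "$env_file" ] || { echo "cannot read $env_file" >&2; return 2; }

    host=$(get_setting "$env_file" syslog.host)
    port=$(get_setting "$env_file" syslog.port)
    proto=$(get_setting "$env_file" syslog.protocol)

    [ -n "$host" ]  || { echo "syslog.host is missing or empty" >&2; rc=1; }
    [ -n "$proto" ] || { echo "syslog.protocol is missing or empty" >&2; rc=1; }

    case "$port" in
        ''|*[!0-9]*|??????*)
            echo "syslog.port is missing or not a valid number: '$port'" >&2
            rc=1 ;;
        *)
            if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
                echo "syslog.port out of range: $port" >&2
                rc=1
            fi ;;
    esac

    if [ "$rc" -eq 0 ]; then
        echo "syslog target: $host:$port over $proto"
    fi
    return "$rc"
}
```

A commented-out setting counts as missing, so a line such as `# syslog.host=...` left over from editing is reported before the restart rather than discovered when no events arrive at the recipient.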