FileScan - Logging (Syslog)

On the latest versions of Ubuntu, the rsyslog daemon is responsible for collecting service messages originating from the kernel and applications, then writing them to log files, usually stored in the /var/log/ directory.

To allow monitoring of relevant events regarding FileScan services using this mechanism, please log in as root.

Create two new files with the content shown below:

/etc/rsyslog.d/fslogger.conf

:msg,contains,"[fsLogger]" /var/log/fslogger.log

and

/etc/logrotate.d/fslogger

/var/log/fslogger.log
{
        rotate 14
        daily
        missingok
        compress
        delaycompress
        sharedscripts
        postrotate
                invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
        endscript
}


Restart the rsyslog and logrotate daemons:

# service rsyslog restart

# service logrotate restart

We now have:
- all events generated by FileScan logged to /var/log/fslogger.log
- this file rotated on a daily basis
- an archive of daily logfiles for 14 days
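
To confirm the setup end to end, the script below (an added example, not part of the FileScan documentation) checks that the rsyslog rule and the logrotate stanza shown above are active. When run as root with its own --live argument, it also validates both configurations and sends a constructed test message through logger. The function names and the --live switch belong to this example only.

```shell
#!/bin/sh
# Added example: checks the FileScan syslog setup from this article.
RULE_FILE=${RULE_FILE:-/etc/rsyslog.d/fslogger.conf}
ROTATE_FILE=${ROTATE_FILE:-/etc/logrotate.d/fslogger}
LOG_FILE=${LOG_FILE:-/var/log/fslogger.log}

# Succeed if rule file $1 has an active filter sending "[fsLogger]" messages to $2.
check_rule() {
    awk -v target="$2" '
        $1 ~ /^#/ { next }                      # skip commented-out rules
        $1 == ":msg,contains,\"[fsLogger]\"" && $2 == target { ok = 1 }
        END { exit !ok }' "$1" 2>/dev/null
}

# Print "<frequency> <count>" for the logrotate stanza in $1 that covers log file $2.
rotation_policy() {
    awk -v target="$2" '
        $1 ~ /^#/ { next }
        !inside && $1 == target { want = 1 }    # stanza header names our log file
        index($0, "{") { inside = 1 }
        inside && want && $1 ~ /^(daily|weekly|monthly|yearly)$/ { freq = $1 }
        inside && want && $1 == "rotate" { count = $2 }
        index($0, "}") { inside = 0; want = 0 }
        END { if (freq == "" || count == "") exit 1; print freq, count }' "$1" 2>/dev/null
}

# Live end-to-end check: run as root on the FileScan host.
live_check() {
    rsyslogd -N1 >/dev/null 2>&1 || return 1             # syntax-check rsyslog config
    logrotate -d "$ROTATE_FILE" >/dev/null 2>&1 || return 1  # dry run, rotates nothing
    marker="[fsLogger] selftest $$-$(date +%s)"          # constructed test message
    logger "$marker"
    sleep 1                                              # give rsyslog time to write
    grep -qF "$marker" "$LOG_FILE"
}

if [ "${1:-}" = "--live" ]; then
    check_rule "$RULE_FILE" "$LOG_FILE" || { echo "no active [fsLogger] rule in $RULE_FILE" >&2; exit 1; }
    policy=$(rotation_policy "$ROTATE_FILE" "$LOG_FILE") || { echo "no rotation policy for $LOG_FILE" >&2; exit 1; }
    echo "rotation policy: $policy"
    live_check || { echo "test message did not reach $LOG_FILE" >&2; exit 1; }
    echo "OK"
fi
```

With the configuration from this article, the reported rotation policy is "daily 14".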

Updated on: 27/11/2022
