Logging

To configure the log outputs and levels, see MetaDefender Configuration.

For Linux systems, the installer configures the logrotate service to handle the MetaDefender Core log files.

The default configuration rotates the logs daily and keeps the last 30 days.

If the log file path is modified, the logrotate config file should be updated as well.

Permissions to set:

  • The directory that contains the logs: read, write and execute permissions for the ometascan user, or at least for the ometascan group
  • The other directories on the path to the logs: at least read and execute permissions for the ometascan user and/or the ometascan group
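
The following is an added example, not part of the MetaDefender Core installer or documentation: a shell check that walks a relocated log directory and its parents and reports where the two rules above are not met. It assumes GNU stat, evaluates only the owner/group/other mode bits (no ACLs or supplementary groups), and the function names `perm_digit` and `check_log_path` are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): check a relocated log directory against
# the permission rules listed above. Assumes GNU stat; ACLs and supplementary
# groups are not evaluated.

# perm_digit PATH USER GROUP: print the rwx digit (0-7) that applies to a
# process running as USER with primary group GROUP (owner bits if USER owns
# PATH, else group bits if GROUP matches, else the "other" bits).
perm_digit() {
    st=$(stat -c '%U %G %a' -- "$1") || return 2
    owner=${st%% *}; rest=${st#* }; grp=${rest%% *}; mode=${rest#* }
    if [ "$owner" = "$2" ]; then echo $((mode / 100 % 10))
    elif [ "$grp" = "$3" ]; then echo $((mode / 10 % 10))
    else echo $((mode % 10)); fi
}

# check_log_path LOGDIR [USER] [GROUP]: returns 0 when LOGDIR grants rwx and
# every parent directory up to / grants at least r-x; prints one FAIL line
# per directory that does not. USER and GROUP default to ometascan.
check_log_path() {
    user=${2:-ometascan}; group=${3:-ometascan}; rc=0
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: not a directory"; return 1; }
    d=$(perm_digit "$dir" "$user" "$group") || return 2
    if [ "$d" -ne 7 ]; then
        echo "FAIL $dir: $user needs rwx, effective bits are $d"; rc=1
    fi
    while [ "$dir" != "/" ]; do
        dir=$(dirname "$dir")
        d=$(perm_digit "$dir" "$user" "$group") || return 2
        if [ $((d & 5)) -ne 5 ]; then
            echo "FAIL $dir: $user needs r-x, effective bits are $d"; rc=1
        fi
    done
    return $rc
}
```

Source the file and call `check_log_path` with the new log directory, as root or as a user that can traverse the whole path.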

The new log settings will be used after a service restart or a HUP signal.

Remote Syslog

For SIEM integration such as Splunk, enable syslog on the MetaDefender Core side so that it sends messages to the Splunk syslog server over a specific protocol and port. Then configure that syslog server to listen for all incoming messages on the same protocol and port.

Supported protocols are:

  • TCP. Example: tcp://192.168.56.1:3586
  • UDP. Example: udp://192.168.56.1:3585
  • TCPS - TLS over TCP. Example: tcps://192.168.56.1:3586

When using TCPS (TLS over TCP), MetaDefender Core does not allow self-signed certificates by default. To allow them, change the option allow self signed cert with the Remote Syslog API.
