I am trying to figure out the best way to offload audit logs from a single Red Hat server to a windows share. What is the best way to do this without installing any additional software on the Windows Side? I am using Audisp as my logging software.
Is my Red Hat box going to have to be on my Windows domain in order to make this happen?
OS: Red Hat 7 and Windows Server 2012R2.
You could probably use smbclient with credentials to copy the files, redirecting commands into it. It has a lot of similar syntax to ftp. man smbclient to get a manpage (or search on your favorite search engine).
Something like, maybe:
echo 'cp /var/log/audit/audit* \some\windows\dir'|smbclient //host/share -A mycredentials.txt
The documentation also mentions a -c option to pass a command string, like:
smbclient //host/share -A mycredentials.txt -c 'cp /var/log/audit/audit* \some\windows\dir'
Another idea would be to mount the drive using cifs https://access.redhat.com/solutions/448263
You can test it using this:
mount -t cifs -o username=<share user>,password=<share password>,domain=example.com //WIN_PC_IP/<share name> /mnt
You can add this to the /etc/fstab to make it mount on boot:
//WIN_PC_IP/<share name> /<mntpoint> cifs _netdev,username=<share user>,password=<share password>,domain=<domain name>,dir_mode=0755,file_mode=0755,uid=500,gid=500 0 0
I have noticed wonky behavior if the share goes offline, so if you know you're planning a reboot (or one happens on its own), you should unmount and remount it on the Redhat host.
