CLI Reference - Log-Forwarding
This section outlines the CLI commands relevant to the Gateway Log-Forwarding.
General Flags:
--profile, --token
: Use a specific profile (located at $HOME/.akeyless/profiles
) or a temp access token
--uid-token
: The universal identity token, Required only for universal_identity authentication
-h, --help
: Display help information
--json[=false]
: Set output format to JSON
--jq-expression
: JQ expression to filter result output
--no-creds-cleanup[=false]
: Do not clean local temporary expired creds
Tip
Flags with a default value of
use-existing
indicate that the field's value will remain unchanged unless explicitly modified.
To forward your Akeyless audit logs directly from your Gateway, you can set the relevant settings of your target logs server using the CLI.
update
update
Command to update log forwarding configuration
Flags
aws-s3
azure-analytics
datadog
elasticsearch
google-chronicle
logstash
logz-io
splunk
stdout
sumologic
syslog
AWS S3
AWS S3
Updates Log Forwarding config for aws-s3
Usage
akeyless gateway update log-forwarding aws-s3 \
--enable 'true'|'false' \
--output-format 'text'|'json' \
--pull-interval '10' \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>' \
--log-folder <AWS Folder> \
--bucket-name <Bucket Name> \
--auth-type [access_key/cloud_id/assume_role] \
--access-id <AWS access id> \
--access-key <AWS access key> \
--region <AWS-Region> \
--role-arn <AWS role arn>
Flags
--enable[=true]
: Enable Log Forwarding [true
/false
]
--output-format[=text]
: Logs format [text
/json
]
--pull-interval[=10]
: Pull interval in seconds
-u, --gateway-url[=http://localhost:8000]
: Gateway URL (Configuration Management port)
--log-folder[=use-existing]
: AWS S3 destination folder for logs
--bucket-name
: AWS S3 bucket name
--auth-type
: AWS auth type [access_key
/cloud_id
/assume_role
]
--access-id
: AWS access id relevant for access_key
auth-type
--access-key
: AWS access key relevant for access_key
auth-type
--region
: AWS region
--role-arn
: AWS role arn relevant for assume_role
auth-type
Azure Log Analytics
Azure Log Analytics
Updates Log Forwarding config for azure-analytics
Usage
akeyless gateway update log-forwarding azure-analytics \
--enable 'true'/'false' \
--output-format 'text'/'json' \
--pull-interval '10' \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>' \
--workspace-id <Azure workspace id> \
--workspace-key <Azure workspace key>
Flags
--enable[=true]
: Enable Log Forwarding [true
/false
]
--output-format[=text]
: Logs format [text
/json
]
--pull-interval[=10]
: Pull interval in seconds
-u, --gateway-url[=http://localhost:8000]
: Gateway URL (Configuration Management port)
--workspace-id
: Azure workspace id
--workspace-key
: Azure workspace key
Datadog
Datadog
Updates Log Forwarding config for datadog
Usage
akeyless gateway update log-forwarding datadog \
--enable 'true'/'false' \
--output-format 'text'/'json' \
--pull-interval '10' \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>' \
--host <datadog host> \
--api-key <Datadog api key> \
--log-source <Datadog log source> \
--log-tags <log tags formatted as "key:value"> \
--log-service <Datadog log service>
Flags
--enable[=true]
: Enable Log Forwarding [true
/false
]
--output-format[=text]
: Logs format [text
/json
]
--pull-interval[=10]
: Pull interval in seconds
-u, --gateway-url[=http://localhost:8000]
: Gateway URL (Configuration Management port)
--host
: Datadog host
--api-key
: Datadog api key
--log-source[=use-existing]
: Datadog log source
--log-tags[=use-existing]
: A comma-separated list of Datadog log tags formatted as "key
:value
" strings
--log-service[=use-existing]
: Datadog log service
ELK - Elasticsearch
ELK - Elasticsearch
Updates Log Forwarding config for elasticsearch
Usage
akeyless gateway update log-forwarding elasticsearch \
--enable 'true'/'false' \
--output-format 'text'/'json' \
--pull-interval '10' \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>' \
--index <Elasticsearch index> \
--server-type [nodes/cloud] \
--nodes <Elasticsearch nodes> \
--cloud-id <Elasticsearch cloud id> \
--auth-type <Elasticsearch auth type> \
--api-key <Elasticsearch api key> \
--user-name <Elasticsearch user name> \
--password <Elasticsearch password> \
--enable-tls <enable tls> \
--certificate-file <path/to/certificate> \
--tls-certificate <Elasticsearch tls certificate>
Flags
--enable[=true]
: Enable Log Forwarding [true
/false
]
--output-format[=text]
: Logs format [text
/json
]
--pull-interval[=10]
: Pull interval in seconds
-u, --gateway-url[=http://localhost:8000]
: Gateway URL (Configuration Management port)
--index
: Elasticsearch index
--server-type
: Elasticsearch server type [nodes
/cloud
]
--nodes
: Elasticsearch nodes relevant only for nodes
server-type
--cloud-id
: Elasticsearch cloud id relevant only for cloud
server-type
--auth-type
: Elasticsearch auth type [api_key
/password
]
--api-key
: Elasticsearch api key relevant only for api_key
auth-type
--user-name
: Elasticsearch user name relevant only for password
auth-type
--password
: Elasticsearch password relevant only for password
auth-type
--enable-tls
: enable-tls
--certificate-file
: Path to a file that contain elasticsearch certificate in PEM
format
--tls-certificate[=use-existing]
: Elasticsearch tls certificate (PEM format
) in a Base64 format
Google Chronicle
Google Chronicle
Updates Log Forwarding config for google-chronicle
Usage
akeyless gateway update log-forwarding google-chronicle \
--enable 'true'/'false' \
--output-format 'text'/'json' \
--pull-interval '10' \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>' \
--gcp-key-file-path <path/to/sa/private-key> \
--gcp-key <Base64-encoded service account private key text> \
--customer-id <customer id> \
--region <Google chronicle region> \
--log-type <log type>
Flags
--enable[=true]
: Enable Log Forwarding [true
/false
]
--output-format[=text]
: Logs format [text
/json
]
--pull-interval[=10]
: Pull interval in seconds
-u, --gateway-url[=http://localhost:8000]
: Gateway URL (Configuration Management port)
--gcp-key-file-path
: Path to file with the service account private key
--gcp-key
: Base64-encoded service account private key text
--customer-id
: Google chronicle customer id
--region
: Google chronicle region [eu_multi_region
/london
/us_multi_region
/singapore
/tel_aviv
]
--log-type
: Google chronicle log type
ELK - Logstash
ELK - Logstash
Updates Log Forwarding config for logstash
Usage
akeyless gateway update log-forwarding logstash \
--enable 'true'/'false' \
--output-format 'text'/'json' \
--pull-interval '10' \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>' \
--dns <Logstash dns> \
--protocol [tcp / udp] \
--enable-tls <enabe-tls> \
--certificate-file <path/to/certificate> \
--tls-certificate <logstash tls certificate>
Flags
--enable[=true]
: Enable Log Forwarding [true
/false
]
--output-format[=text]
: Logs format [text
/json
]
--pull-interval[=10]
: Pull interval in seconds
-u, --gateway-url[=http://localhost:8000]
: Gateway URL (Configuration Management port)
--dns
: Logstash dns
--protocol
: Logstash protocol [tcp
/udp
]
--enable-tls
: Enable-tls
--certificate-file
: Path to a file that contain logstash certificate in PEM
format
--tls-certificate[=use-existing]
: Logstash tls certificate (PEM format) in a Base64 format
Logz.io
Logz.io
Updates Log Forwarding config for logz-io
Usage
akeyless gateway update log-forwarding logz-io \
--enable 'true'/'false' \
--output-format 'text'/'json' \
--pull-interval '10' \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>' \
--logz-io-token <Logz-io token> \
--protocol [tcp/https]
Flags
--enable[=true]
: Enable Log Forwarding [true
/false
]
--output-format[=text]
: Logs format [text
/json
]
--pull-interval[=10]
: Pull interval in seconds
-u, --gateway-url[=http://localhost:8000]
: Gateway URL (Configuration Management port)
--logz-io-token
: Logz-io token
--protocol
: Logz-io protocol [tcp/https]
Splunk
Splunk
Updates Log Forwarding config for splunk
Usage
akeyless gateway update log-forwarding splunk \
--enable 'true'/'false' \
--output-format 'text'/'json' \
--pull-interval '10' \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>' \
--splunk-url <URL>
--splunk-token <splunk-token> \
--source <Splunk source> \
--source-type <Splunk source type>
--index <Splunk index> \
--enable-tls <enable tls> \
--certificate-file <path/to/certificate> \
--tls-certificate <Elasticsearch tls certificate>
Flags
--enable[=true]
: Enable Log Forwarding [true
/false
]
--output-format[=text]
: Logs format [text
/json
]
--pull-interval[=10]
: Pull interval in seconds
-u, --gateway-url[=http://localhost:8000]
: Gateway URL (Configuration Management port)
--splunk-url
: Splunk server URL
--splunk-token
: splunk-token
--source[=use-existing]
: Splunk source
--source-type[=use-existing]
: Splunk source type
--index
: Splunk index
--enable-tls
: Enable-tls
--certificate-file
: Path to a file that contain logstash certificate in PEM
format
--tls-certificate[=use-existing]
: Logstash tls certificate (PEM format) in a Base64 format
STDOUT
STDOUT
Updates Log Forwarding config for standard output
Usage
akeyless gateway update log-forwarding stdout \
--enable 'true'/'false' \
--output-format 'text'/'json' \
--pull-interval '10' \ \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>'
Flags
--enable[=true]
: Enable Log Forwarding [true
/false
]
--output-format[=text]
: Logs format [text
/json
]
--pull-interval[=10]
: Pull interval in seconds
-u, --gateway-url[=http://localhost:8000]
: Gateway URL (Configuration Management port)
Sumo Logic
Sumo Logic
Updates Log Forwarding config for sumologic
Usage
akeyless gateway update log-forwarding sumologic \
--enable 'true'/'false' \
--output-format 'text'/'json' \
--pull-interval '10' \ \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>' \
--endpoint <endpoint URL> \
--sumologic-tags <Sumologic tags> \
--host <SumoLoginc host>
Flags
--enable[=true]
: Enable Log Forwarding [true
/false
]
--output-format[=text]
: Logs format [text
/json
]
--pull-interval[=10]
: Pull interval in seconds
-u, --gateway-url[=http://localhost:8000]
: Gateway URL (Configuration Management port)
--endpoint
: Sumologic endpoint URL
--sumologic-tags[=use-existing]
: A comma-separated list of Sumologic tags
--host[=use-existing]
: Sumologic host
Syslog
Syslog
Updates Log Forwarding config for syslog
Usage
akeyless gateway update log-forwarding syslog \
--enable 'true'/'false' \
--output-format 'text'/'json' \
--pull-interval '10' \ \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>' \
--network [tcp/udp] \
--host <host> \
--target-tag <Syslog target tag> \
--formatter [text/cef] \
--enable-tls <enable tls> \
--certificate-file <path/to/certificate> \
--tls-certificate <Elasticsearch tls certificate>
Flags
--enable[=true]
: Enable Log Forwarding [true
/false
]
--output-format[=text]
: Logs format [text
/json
]
--pull-interval[=10]
: Pull interval in seconds
-u, --gateway-url[=http://localhost:8000]
: Gateway URL (Configuration Management port)
--network
: Syslog network [tcp
/udp
]
--host
: Syslog host
--target-tag[=use-existing]
: Syslog target tag
--formatter[=text]
: Syslog formatter [text
/cef
]
--enable-tls
: Enable-tls
--certificate-file
: Path to a file that contain logstash certificate in PEM
format
--tls-certificate[=use-existing]
: Logstash tls certificate (PEM format) in a Base64 format
get
get
Command to get log forwarding configuration
akeyless gateway get log-forwarding \
--gateway-url 'https://<Your-Akeyless-GW-URL:8000>'
Updated 29 days ago