Log Forwarding
You can export the audit logs from the Akeyless Gateway to any of the following log services:
Warning
The log forwarding mechanism can only fetch logs from the previous 24 hours. Please ensure that your Gateway default Authentication Method has an Access Role that allows viewing all audit logs in the account.
Amazon S3
When you export the audit logs from the Akeyless Gateway to Amazon S3, the logs are stored in a specified S3 bucket under:
{root_folder_name} / {year} / {month} / {day}
Info
The default root folder is
akeyless-log
. You can change this when you set up the log file export in the Akeyless Gateway.
The log files include log records from a ten-minute window, where the file name includes the start time of the logs. For example:
akeyless-log/2021/05/25/akeyless-audit_2021-05-25T16:30.log
This file contains records from 16:30:00 to 16:39:59. Each entry is a JSON file that can be parsed individually.
-
Create a bucket in S3, and generate an access key with permission to write to the bucket.
-
Log in to the Akeyless Gateway and go to Log Forwarding.
-
Select the Enable checkbox.
-
Choose the log format -
Text
orJSON
. -
Audit Log Server insert:
https://audit.akeyless.io/
. -
From the Log Service dropdown list, select
Amazon S3
. -
Choose the authentication mode either using Credentials, Gateway Cloud IDor using Assume Role.
-
For Credentials Define the Access ID, Access Key, and Bucket Name for the bucket you created in the first step. For Assume Role provide the AWS Role ARNs 
-
From the Region dropdown list, select the region in which your S3 bucket is defined.
-
Optionally, define a Folder Prefix, which is the root location in the S3 bucket under which the log files will be stored. The default value is
akeyless-log
. -
Select Save Changes.
Warning
Logs will be uploaded to your S3 bucket based on 10 minutes intervals. Keep in mind that in case your pod will scale down or restart, logs that were not uploaded to your bucket will be lost.
Azure Log Analytics
When you export the audit logs from the Akeyless Gateway to Azure Log Analytics, the logs are stored in the specified workspace in the AkeylessAudit_CL table. The TimeGenerated is the time the log was created in Akeyless, and msg_s is textual information for the log.
-
Create a new Log Analytics workspace in the Azure Portal, then select Agent Management.
-
Log in to the Akeyless Gateway and go to Log Forwarding.
-
Select the Enable checkbox.
-
Choose the log format -
Text
orJSON
. -
Audit Log Server insert:
https://audit.akeyless.io/
. -
From the Log Service dropdown list, select
Azure Log Analytics
. -
For the Workspace ID, copy the value of the Workspace ID from the Agent Management options in the Azure Portal.
-
For the Workspace Key, copy the value of either the Primary key or the Secondary key from the Agent Management options in the Azure Portal.
-
Select Save Changes.
Elasticsearch
-
Log in to the Akeyless Gateway and go to Log Forwarding.
-
Select the Enable checkbox.
-
Choose the log format -
Text
orJSON
. -
Audit Log Server insert:
https://audit.akeyless.io/
. -
From the Log Service dropdown list, select
Elasticsearch
. -
Define the Elasticsearch Server. It can be set either as Node or Cloud ID.
-
Define the Elasticsearch Authentication. It can be set as Api Key or Username & Password.
-
Define the Elasticsearch Index.
-
Optional, check TLS and upload the TLS Certificate of your log server.
-
Select Save Changes.
Logstash
-
Log in to the Akeyless Gateway and go to Log Forwarding.
-
Select the Enable checkbox.
-
Choose the log format -
Text
orJSON
. -
Audit Log Server insert:
https://audit.akeyless.io/
. -
From the Log Service dropdown list, select
Logstash
. -
Define the Logstash Host.
-
From the Logstash Protocol options, select the network protocol used to connect to the Logstash server.
-
Optional, check TLS and upload the TLS Certificate of your log server.
-
Select Save Changes.
-
To configure your Logstash to use the same port and protocol, add the following to the logstash.conf file:
input {
tcp {
port => 8911
codec => json
}
}
Logz.io
-
Log in to the Akeyless Gateway and go to Log Forwarding.
-
Select the Enable checkbox.
-
Choose the log format -
Text
orJSON
. -
Audit Log Server insert:
https://audit.akeyless.io/
. -
From the Log Service dropdown list, select
Logz.io
. -
Define the Logz.io Token as the token for your Logz.io account. For details on finding this token, see here.
-
From the Logz.io Network options, select the network protocol to connect to Logz.io.
-
Select Save Changes.
Splunk
-
Log in to the Akeyless Gateway and go to Log Forwarding.
-
Select the Enable checkbox.
-
Choose the log format -
Text
orJSON
. -
Audit Log Server insert:
https://audit.akeyless.io/
. -
Select' Splunk' from the Log Service dropdown list.
-
Define the Splunk Server URL.
-
Define the Splunk Token.
-
Define the Splunk Index.
-
Optional, check TLS and upload the TLS Certificate of your Splunk server.
-
Select Save Changes.
Syslog
-
Log in to the Akeyless Gateway and go to Log Forwarding.
-
Select the Enable checkbox.
-
Choose the log format -
Text
orJSON
. -
Audit Log Server insert:
https://audit.akeyless.io/
. -
Select' Syslog' from the Log Service dropdown list.
-
From the Syslog Network options, select the network protocol used by the Syslog server.
-
Define the Syslog Host as the hostname or IP address of the Syslog server.
-
Optionally, define the Syslog Tag as the tag with which audit logs are sent to the Syslog server. The default value is
audit-export
. -
Select the Syslog Formatter either
Text
orCEF
. -
Optional, check TLS and upload the TLS Certificate of your log server.
-
Select Save Changes.
Datadog
-
Log in to the Akeyless Gateway and go to Log Forwarding.
-
Select the Enable checkbox.
-
Choose the log format -
Text
orJSON
. -
Audit Log Server insert:
https://audit.akeyless.io/
. -
From the Log Service dropdown list, select
Datadog
. -
Define the Datadog host.
-
Define the Datadog API Key.
-
Optional - Define Log Source. Default value
akeyless
. -
Optional - Define Log Tags - using
key
:value
format. -
Optional - Define Log Service , default value
akeyless-gateway
.
Sumo Logic
-
Log in to the Akeyless Gateway and go to Log Forwarding.
-
Select the Enable checkbox.
-
Choose the log format -
Text
orJSON
. -
Audit Log Server insert:
https://audit.akeyless.io/
. -
From the Log Service dropdown list, select
Sumo Logic
. -
Insert the Endpoint address .
-
Optional - Define Tags -
tag1
,tag2
. -
Optional - Define Host of your choice.
Google Chronicle
-
Log in to the Akeyless Gateway and go to Log Forwarding.
-
Select the Enable checkbox.
-
Choose the log format -
Text
orJSON
. -
Audit Log Server - Insert
https://audit.akeyless.io/
-
From the Log Service dropdown list, select
Google Chronicle
. -
Service Account Key - A JSON file holding service account credentials.
-
Customer ID - Unique identifier for the Chronicle instance.
-
Region - The region where your customer account is provisioned.
-
Log Type - A log type to identify the log entries
Updated 9 months ago