Log Forwarding Configuration
To forward your Akeyless audit logs directly from your Gateway, configure the settings of your target log server using the CLI or directly from the Gateway Configuration Manager.
By default, the log format of all of the commands below is text and the pull interval is set to 10 seconds.
Authorized Users
Only users with access permission on the gateway to manage log forwarding are authorized to set log forwarding using the CLI.
Syslog
akeyless gateway update log-forwarding syslog \
--gateway-url 'https://Your-Akeyless-GW-URL:8000' \
--host <syslog host>
Note
The outputted message format conforms to Syslog format and assumes the Syslog server doesn’t add its own formatting to the message.
Default format: <date> <time> <host name> <log level> <message>.
You can find the complete list of additional parameters for this command in the CLI Reference - Log-Forwarding section.
Splunk
You can forward the Gateway logs to an existing Splunk HTTP Event Collector:
akeyless gateway update log-forwarding splunk \
--gateway-url 'https://Your-Akeyless-GW-URL:8000' \
--splunk-url <server URL> \
--splunk-token <token> \
--source <source> \
--source-type <source type> \
--index <index>
You can find the complete list of additional parameters for this command in the CLI Reference - Log-Forwarding section.
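Added example (not from the Akeyless documentation): a shell wrapper around the Splunk command above that reads the HEC token from an environment variable instead of a literal in the script, and refuses non-HTTPS gateway or Splunk URLs. The names `SPLUNK_HEC_TOKEN`, `DRY_RUN`, `require_https` and `forward_to_splunk` are assumptions of this example; the CLI flags are the ones shown on this page.

```shell
#!/bin/sh
# Added example, not Akeyless code. Assumed names: SPLUNK_HEC_TOKEN, DRY_RUN,
# require_https, forward_to_splunk. Only CLI flags shown on this page are used.

# Accept only https:// URLs with a non-empty remainder (a policy choice of
# this example), so the token and the audit logs are not sent in clear text.
require_https() {
    case "$1" in
        https://?*) return 0 ;;
        *) echo "refusing non-HTTPS URL: $1" >&2; return 1 ;;
    esac
}

# Usage: forward_to_splunk GATEWAY_URL SPLUNK_URL SOURCE SOURCE_TYPE INDEX
forward_to_splunk() {
    if [ "$#" -ne 5 ]; then
        echo "usage: forward_to_splunk GATEWAY_URL SPLUNK_URL SOURCE SOURCE_TYPE INDEX" >&2
        return 2
    fi
    require_https "$1" || return 1
    require_https "$2" || return 1

    # The token comes from the environment so it is not stored in the script
    # or in shell history. It is still passed as an argument to the CLI, so it
    # is visible in the process list while the command runs.
    if [ -z "${SPLUNK_HEC_TOKEN:-}" ]; then
        echo "SPLUNK_HEC_TOKEN is not set" >&2
        return 1
    fi

    # DRY_RUN=1 prints the command with the token redacted and changes nothing.
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'akeyless gateway update log-forwarding splunk --gateway-url %s --splunk-url %s --splunk-token [REDACTED] --source %s --source-type %s --index %s\n' \
            "$1" "$2" "$3" "$4" "$5"
        return 0
    fi

    akeyless gateway update log-forwarding splunk \
        --gateway-url "$1" \
        --splunk-url "$2" \
        --splunk-token "$SPLUNK_HEC_TOKEN" \
        --source "$3" \
        --source-type "$4" \
        --index "$5"
}
```

Source the file, export `SPLUNK_HEC_TOKEN` from your secret store, and run with `DRY_RUN=1` first to review the command before applying it.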
ELK - Logstash
akeyless gateway update log-forwarding logstash \
--gateway-url 'https://Your-Akeyless-GW-URL:8000' \
--dns <logstash dns> \
--protocol tcp
You can find the complete list of additional parameters for this command in the CLI Reference - Log-Forwarding section.
ELK - Elasticsearch
akeyless gateway update log-forwarding elasticsearch \
--gateway-url 'https://Your-Akeyless-GW-URL:8000' \
--index <index> \
--server-type <cloud> \
--cloud-id <your cloud-id> \
--auth-type <api_key> \
--api-key <your api_key>
You can find the complete list of additional parameters for this command in the CLI Reference - Log-Forwarding section.
Logz.io
Using Log Shipping Tokens:
akeyless gateway update log-forwarding logz-io \
--gateway-url 'https://Your-Akeyless-GW-URL:8000' \
--logz-io-token <logz-io token> \
--protocol <tcp>
You can find the complete list of additional parameters for this command in the CLI Reference - Log-Forwarding section.
AWS S3
Warning
Logs are uploaded to your S3 bucket at 10-minute intervals. If your pod scales down or restarts, logs that have not yet been uploaded to your bucket will be lost.
akeyless gateway update log-forwarding aws-s3 \
--gateway-url 'https://Your-Akeyless-GW-URL:8000' \
--log-folder <s3 destination folder> \
--bucket-name <s3 bucket name> \
--auth-type <access_key/cloud_id/assume_role> \
--access-id <aws access-id> \
--access-key <aws access-key> \
--region <aws region> \
--role-arn <aws role-arn>
You can find the complete list of additional parameters for this command in the CLI Reference - Log-Forwarding section.
Azure Log Analytics
Logs will be sent to a given workspace according to the provided ID.
akeyless gateway update log-forwarding azure-analytics \
--gateway-url 'https://Your-Akeyless-GW-URL:8000' \
--workspace-id <azure workspace-id> \
--workspace-key <azure workspace-key>
You can find the complete list of additional parameters for this command in the CLI Reference - Log-Forwarding section.
STDOUT
Setting log forwarding to stdout:
akeyless gateway update log-forwarding stdout \
--gateway-url 'https://Your-Akeyless-GW-URL:8000'
You can find the complete list of additional parameters for this command in the CLI Reference - Log-Forwarding section.
DataDog
Setting log forwarding to DataDog system:
akeyless gateway update log-forwarding datadog \
--gateway-url 'https://Your-Akeyless-GW-URL:8000' \
--host <datadog host> \
--api-key <datadog api-key> \
--log-source <datadog log source> \
--log-tags <logs tags [key:value]> \
--log-service <datadog log service>
You can find the complete list of additional parameters for this command in the CLI Reference - Log-Forwarding section.
Sumo Logic
Setting log forwarding to Sumo Logic:
akeyless gateway update log-forwarding sumologic \
--gateway-url 'https://Your-Akeyless-GW-URL:8000' \
--endpoint <endpoint url> \
--sumologic-tags <sumologic tags> \
--host <sumologic host>
You can find the complete list of additional parameters for this command in the CLI Reference - Log-Forwarding section.
Google Chronicle
Setting log forwarding to Google Chronicle:
akeyless gateway update log-forwarding google-chronicle \
--gateway-url 'https://Your-Akeyless-GW-URL:8000' \
--gcp-key <Base64-encoded service account private key> \
--customer-id <customer-id> \
--region <eu_multi_region/london/us_multi_region/singapore/tel_aviv> \
--log-type <log type>
You can find the complete list of additional parameters for this command in the CLI Reference - Log-Forwarding section.