The Akeyless Dev Hub

If you're looking for help with the only zero-trust, SaaS, unified platform for secrets management - you've come to the right place.

This is our documentation and updates center.

Documentation

SSH Log Forwarding

SSH log forwarding enables forwarding of the recordings of SSH sessions to customer log repository.

Prerequisites

In order to configure log forwarding you need to follow the instructions here.

Syslog Configuratoin

Edit logand.conf:

target_syslog_tag="ssh-audit-export"
target_log_type="syslog"
target_syslog_network="udp"
target_syslog_host="<host>:<port>"

Splunk configuration:

Prerequisites: Splunk HTTP Event Collector: https://docs.splunk.com/Documentation/Splunk/8.0.4/Data/UsetheHTTPEventCollector

target_log_type="splunk"
target_splunk_sourcetype="<your_sourcetype>"
target_splunk_source="<your_source>"
target_splunk_index="<your_index>"
target_splunk_token="<your_token>"
target_splunk_url="<your_splunk_host_address>"

ELK / Logstash Configuration

target_log_type="logstash"
target_logstash_dns="localhost:8911"
target_logstash_protocol="tcp"

Configure your Logstash to use the same port and protocol:
Add to logstash.conf:
input { tcp { port => 8911 codec => json } }

ELK Elasticsearch Configuration

target_log_type="elasticsearch"
target_elasticsearch_host="host"
target_elasticsearch_nodes="http://host1:9200,http://host2:9200"

Updated 2 months ago

SSH Log Forwarding


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.