External Logging

You can configure PrivX to forward audit events to external log collectors. The required configuration is described separately for each supported log collector.

AWS CloudWatch

  1. Create an AWS user with permissions for pushing logs to CloudWatch. The user's permissions should be similar to the following (Sid is arbitrary):

    {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Sid": "examplesid",
               "Effect": "Allow",
               "Action": "events:PutEvents",
               "Resource": "*"
           }
       ]
    }
    

    Obtain the Access key ID and the Secret access key of this AWS user; both are required later when configuring PrivX.

  2. Create a rule in CloudWatch for collecting PrivX logs. The rule must have the following Event pattern:

    {
      "source": [
        "com.ssh.privx"
      ]
    }
    

    To act on the collected logs, also create Targets for the rule.

  3. Add your log collector to PrivX.

    In the PrivX GUI, navigate to the page Administration→Deployment→Configure cloud log collectors, then click Add Log Collector. Set Service to Amazon CloudWatch Events, and provide the other required settings as well. Click Save to apply your settings.

    PrivX logs are now sent to your AWS CloudWatch and processed according to all the applicable rule targets.
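
The policy in step 1 allows events:PutEvents on every resource. The following is an added example, not part of the PrivX documentation: a small least-privilege check run against that policy and against a constructed tighter variant. The audit function, the REGION and ACCOUNT_ID placeholders, and the assumption that PrivX writes only events with source com.ssh.privx to the default event bus are all assumptions made for this example.

```python
import json

# Policy exactly as shown in step 1 above.
PAGE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Sid": "examplesid", "Effect": "Allow",
  "Action": "events:PutEvents", "Resource": "*"}]}""")

# Constructed tighter variant. Assumptions: default event bus, placeholder
# REGION/ACCOUNT_ID, and PrivX emitting only the source "com.ssh.privx"
# (the source named in the step 2 event pattern).
SCOPED_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Sid": "examplesid", "Effect": "Allow",
  "Action": "events:PutEvents",
  "Resource": "arn:aws:events:REGION:ACCOUNT_ID:event-bus/default",
  "Condition": {"StringEquals": {"events:source": "com.ssh.privx"}}}]}""")

def as_list(value):
    """IAM allows a single value or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit(policy, source="com.ssh.privx"):
    """Return least-privilege findings for a PrivX log-forwarder policy."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for action in as_list(stmt.get("Action", [])):
            if action != "events:PutEvents":
                findings.append(f"{sid}: extra action {action}")
        for res in as_list(stmt.get("Resource", [])):
            if "*" in res:
                findings.append(f"{sid}: wildcard resource {res}")
        # Simplification: only an exact StringEquals condition is recognised.
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if source not in as_list(cond.get("events:source", [])):
            findings.append(f"{sid}: events:source not pinned to {source}")
    return findings

if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit(pol) or "no findings")
```

Before switching to a scoped policy, confirm that PrivX log delivery still works with it, since the event bus used is an assumption here.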

Azure Event Hubs

  1. In Azure Active Directory, register PrivX as an application.

  2. In Azure Event Hubs, create an event hub for PrivX. Your Access Control must allow the previously-registered PrivX application to access this hub.

  3. To process incoming events, you may create consumers for the hub.

  4. Add your log collector to PrivX.

    In the PrivX GUI, navigate to the page Administration→Deployment→Configure cloud log collectors, then click Add Log Collector. Set Service to Azure Event Hubs, and provide the other required settings as well. Click Save to apply your settings.

    PrivX logs are now sent to the hub and processed according to all the applicable rules.

