External Logging
You can configure PrivX to forward audit events to external log collectors. The required configurations are provided separately per supported log collector.
AWS CloudWatch
Create an AWS user with permissions for pushing logs to CloudWatch. The user's permissions should be similar to the following (
Sid
is arbitrary):{ "Version": "2012-10-17", "Statement": [ { "Sid": "examplesid", "Effect": "Allow", "Action": "events:PutEvents", "Resource": "*" } ] }
Obtain the Access key ID and the Secret access key of this AWS user, required later for configuring PrivX.
Create a rule in CloudWatch for collecting PrivX logs. The rule must have the following Event pattern:
{ "source": [ "com.ssh.privx" ] }
To associate actions to collected logs, also create Targets for the rule.
Add your log collector to PrivX.
In the PrivX GUI, navigate to the page Administration→Deployment→Configure cloud log collectors, then click Add Log Collector. Set Service to Amazon CloudWatch Events, and provide the other required settings as well. Click Save to apply your settings.
PrivX logs are now sent to your AWS CloudWatch and processed according to all the applicable rule targets.
Azure Event Hubs
In Azure, register PrivX as an application.
In Azure Event Hubs, create an event hub for PrivX. Your Access Control must allow the previously-registered PrivX application to access this hub.
To process incoming events, you may create consumers for the hub.
Add your log collector to PrivX.
In the PrivX GUI, navigate to the page Administration→Deployment→Configure Cloud Log Collectors, then click Add Log Collector. Set Service to Azure Event Hubs, and provide the other required settings as well. Click Save to apply your settings.
PrivX logs are now sent to the hub and processed according to all the applicable rules.