
Integrate SSH Jump Server with syslog

How to forward SSH Jump Server logs to syslog?


Overview: This article describes how to forward SSH Jump Server logs to the syslog by enabling SIEM settings, allowing centralized monitoring of authentication, activity, and command logs.

By enabling this feature, all active logs will be directed to the syslog of the gateway server, which you can monitor by tailing the syslog.



Step 1: Log in to the web GUI, navigate to Settings -> SIEM, set SIEM type to syslog, and enable logs.

Once this feature is enabled, all active logs are directed to the syslog of the gateway server. You can monitor these logs by tailing the syslog, and run the SIEM script in a separate shell to analyze the forwarded logs.

root@gateway:~# tail -f /var/log/syslog        # for Ubuntu

root@gateway:~# tail -f /var/log/messages      # for CentOS

root@gateway:~# php /usr/local/ezlogin/siem_push.php
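
An added example (not part of the original article or Ezeelogin's own tooling): a shell helper that picks the gateway's syslog file (/var/log/syslog on Ubuntu, /var/log/messages on CentOS), records a baseline, and prints only the entries appended afterwards that match a pattern you supply, so you can confirm that forwarding started after the setting was enabled. The function names, LOG_ROOT and the pattern are assumptions; the article does not state the tag Ezeelogin writes, so take the pattern from what tail shows on your gateway.

```shell
#!/bin/sh
# Added example: check that new entries reach the gateway's syslog.
# LOG_ROOT, syslog_path, mark_position and new_entries are hypothetical
# names for this sketch, not Ezeelogin commands.

LOG_ROOT="${LOG_ROOT:-/var/log}"

# Print the syslog file present on this host:
# "syslog" on Ubuntu, "messages" on CentOS.
syslog_path() {
    for name in syslog messages; do
        if [ -f "$LOG_ROOT/$name" ]; then
            printf '%s\n' "$LOG_ROOT/$name"
            return 0
        fi
    done
    echo "no syslog file found under $LOG_ROOT" >&2
    return 1
}

# Print the current line count of log file $1 (the baseline).
mark_position() {
    wc -l < "$1" | tr -d ' '
}

# Print lines appended to file $1 after baseline $2 that match the
# extended regex $3. If the file is now shorter than the baseline
# (log rotation), read it from the start instead.
new_entries() {
    file=$1
    base=$2
    pattern=$3
    total=$(mark_position "$file")
    if [ "$total" -lt "$base" ]; then
        base=0
    fi
    tail -n "+$((base + 1))" "$file" | grep -E -- "$pattern" || true
}

# Typical use on the gateway (run as root):
#   log=$(syslog_path); base=$(mark_position "$log")
#   ... enable the SIEM setting, log in, run a command ...
#   new_entries "$log" "$base" 'PATTERN_SEEN_IN_TAIL'
```

An empty result after generating activity means nothing matching the pattern was written since the baseline, which points at either the SIEM setting or the pattern.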

Refer to the examples below for syslog logs:

  • Authentication Log

  • Web Activity Logs

  • Gateway Activity Logs

  • Server Activity Logs

  • SSH Logs

This feature is available from Ezeelogin version 7.37.0. Refer to the article to upgrade Ezeelogin to the latest version.


How to enable the feature to forward input commands to syslog?

Step 1: Log in to the GUI, navigate to Settings -> General -> Security, scroll down, and enable Log Commands in Syslog. Then log in to ezsh again, connect to the remote servers, and execute random commands.

Refer to the example below of recorded input commands in syslog.

This feature is available from Ezeelogin version 7.37.2. Refer to the article to upgrade Ezeelogin to the latest version.

SIEM (Security Information and Event Management):

SIEM systems collect and analyze log data generated throughout various systems, applications, and network infrastructure to identify and respond to security events and incidents. The goal is to provide a centralized view of an organization’s information security, helping in real-time analysis, incident detection, and response.


Related Articles:

Integrate Ezeelogin SSH Jump host with Splunk for SIEM

Audit logs and configurations