Integrate SSH Jump Server with syslog
How to forward SSH Jump Server logs to syslog?
Overview: This article describes how to forward SSH Jump Server logs to syslog by enabling the SIEM settings, which gives you a centralized place to monitor authentication, activity, and command logs.
Step 1: Log in to the Web GUI, navigate to Settings -> SIEM, set SIEM type to syslog, and enable the logs you want forwarded.
Once this is enabled, all active logs are written to the syslog of the gateway server. You can watch them by tailing the syslog file in one shell and running the SIEM push script in a separate shell to send the forwarded logs.
root@gateway:~# tail -f /var/log/syslog        # Ubuntu
root@gateway:~# tail -f /var/log/messages      # CentOS
root@gateway:~# php /usr/local/ezlogin/siem_push.php
Refer to the examples below of the log types forwarded to syslog:
- Authentication Log
- Web Activity Logs
- Gateway Activity Logs
- Server Activity Logs
- SSH Logs
This feature is available from Ezeelogin version 7.37.0. Refer to the article on upgrading Ezeelogin to the latest version.
How to enable the feature to forward input commands to syslog?
Step 1: Log in to the GUI, navigate to Settings -> General -> Security, scroll down and enable Log Commands in Syslog. Then log in to ezsh again, connect to a remote server, and execute a few commands so that entries appear in syslog.
Refer to the example below of input commands recorded in syslog.
This feature is available from Ezeelogin version 7.37.2. Refer to the article on upgrading Ezeelogin to the latest version.
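Tailing the syslog shows the forwarded authentication and command entries, but a SIEM is only useful once something consumes them. The script below is an added example, not part of this article or of Ezeelogin, that parses a handful of constructed syslog-style lines and applies two simple detections to them: repeated authentication failures from one user/source pair (from the SIEM forwarding section above) and risky commands recorded through Log Commands in Syslog (this section). The program names (ezlogin, ezsh), the key=value message bodies and the sample lines are assumptions made for illustration; Ezeelogin's real message format should be taken from your own /var/log/syslog or /var/log/messages and the regular expressions adjusted to match it. The same logic would normally run on the collector that receives the forwarded stream rather than on the gateway itself.

```python
import re
from collections import Counter

# Constructed sample lines in classic syslog layout: "timestamp host program[pid]: message".
# The message bodies are hypothetical placeholders and NOT Ezeelogin's real log format.
SAMPLE_SYSLOG = """\
Mar  3 10:01:02 gateway ezlogin[2101]: auth user=alice src=203.0.113.5 result=success
Mar  3 10:01:20 gateway ezlogin[2101]: auth user=bob src=198.51.100.7 result=failure
Mar  3 10:01:25 gateway ezlogin[2101]: auth user=bob src=198.51.100.7 result=failure
Mar  3 10:01:31 gateway ezlogin[2101]: auth user=bob src=198.51.100.7 result=failure
Mar  3 10:02:10 gateway ezsh[2330]: cmd user=alice server=web01 cmd="ls -la /var/www"
Mar  3 10:02:44 gateway ezsh[2330]: cmd user=alice server=web01 cmd="sudo rm -rf /var/log/nginx"
Mar  3 10:03:01 gateway ezsh[2330]: cmd user=alice server=db01 cmd="cat /etc/shadow"
Mar  3 10:03:05 gateway cron[999]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Syslog header: "Mar  3 10:01:02 gateway ezlogin[2101]: <message>"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# key=value pairs, with values optionally double-quoted so commands may contain spaces.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumed program names that the gateway writes under (hypothetical).
GATEWAY_PROGS = {"ezlogin", "ezsh"}

# Command patterns worth alerting on; extend to suit your environment.
RISKY_PATTERNS = [re.compile(p) for p in (r"\brm\s+-rf\b", r"/etc/shadow\b", r"\bchmod\s+777\b")]


def parse_line(line):
    """Split one syslog line into header fields plus a parsed key=value message."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    kind, _, rest = rec["msg"].partition(" ")   # first token names the event type
    rec["kind"] = kind
    rec["fields"] = {k: (q or v) for k, q, v in KV_RE.findall(rest)}
    return rec


def gateway_events(text):
    """Keep only auth/cmd events from the gateway programs; other daemons are ignored."""
    events = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["prog"] in GATEWAY_PROGS and rec["kind"] in ("auth", "cmd"):
            events.append(rec)
    return events


def failed_login_sources(events, threshold=3):
    """Return {(user, src): count} for pairs with at least `threshold` auth failures."""
    counts = Counter(
        (e["fields"].get("user"), e["fields"].get("src"))
        for e in events
        if e["kind"] == "auth" and e["fields"].get("result") == "failure"
    )
    return {key: n for key, n in counts.items() if n >= threshold}


def risky_commands(events):
    """Return (user, server, cmd) for recorded commands matching a risky pattern."""
    hits = []
    for e in events:
        if e["kind"] != "cmd":
            continue
        cmd = e["fields"].get("cmd", "")
        if any(p.search(cmd) for p in RISKY_PATTERNS):
            hits.append((e["fields"].get("user"), e["fields"].get("server"), cmd))
    return hits


if __name__ == "__main__":
    evs = gateway_events(SAMPLE_SYSLOG)
    for (user, src), n in failed_login_sources(evs).items():
        print(f"ALERT repeated auth failures user={user} src={src} count={n}")
    for user, server, cmd in risky_commands(evs):
        print(f"ALERT risky command user={user} server={server} cmd={cmd!r}")
```

Running the script flags the three failed logins for bob from 198.51.100.7 and the two commands touching /var/log/nginx and /etc/shadow, while the unrelated cron line is dropped by the program filter. To apply it to a live gateway, replace SAMPLE_SYSLOG with lines read from the syslog file being tailed and adjust SYSLOG_RE and KV_RE to the format you actually observe.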
SIEM (Security Information and Event Management):
SIEM systems collect and analyze log data generated throughout various systems, applications, and network infrastructure to identify and respond to security events and incidents. The goal is to provide a centralized view of an organization’s information security, helping in real-time analysis, incident detection, and response.