
Integrate SSH Jump Server with syslog

How to forward Ezeelogin SSH Jump Server logs to syslog?

This feature is available from Ezeelogin version 7.37.0. Refer to the article on upgrading Ezeelogin to the latest version.


By enabling this feature, all active logs will be directed to the syslog of the gateway server, which you can monitor by tailing the syslog.



Log in to the Ezeelogin GUI, navigate to Settings -> SIEM, set SIEM type to syslog, and enable logs.

By enabling this feature, all active logs will be directed to the syslog of the gateway server. You can monitor these logs by tailing the syslog and executing the SIEM script in a separate shell to analyze the forwarded logs.

tail -f /var/log/syslog        #for ubuntu

tail -f /var/log/messages      #for centos

php /usr/local/ezlogin/siem_push.php

Refer to the examples below for syslog logs:

  • Authentication Log

  • Web Activity Logs

  • Gateway Activity Logs

  • Server Activity Logs

  • SSH Logs

 

How to enable the feature to forward input commands to syslog?

This feature is available from Ezeelogin version 7.37.2. Refer to the article on upgrading Ezeelogin to the latest version.

Log in to the GUI, navigate to Settings -> General -> Security, scroll down, and enable Log Commands in Syslog. Then log in to ezsh again, connect to the remote servers, and execute random commands.

Refer to the example below of recorded input commands in syslog.

 

SIEM (Security Information and Event Management):

SIEM systems collect and analyze log data generated throughout various systems, applications, and network infrastructure to identify and respond to security events and incidents. The goal is to provide a centralized view of an organization’s information security, helping in real-time analysis, incident detection, and response.

 
