Audit logs and configurations
Audit log policies and configurations
1. SSH Logs
The SSH logs provide comprehensive log information about the gateway user's actions or activities during an SSH session. The recorded SSH sessions are saved in text format, allowing for later search, review, revisit, or pipelining to log processing engines. Also, the user can truncate the SSH log based on time or size according to the policy or requirement.
Only SSH logs have the option to be truncated since they use the filesystem to store the user's SSH logs, and only the metadata is stored in the database.
2. Authentication Logs
The authentication logs provide comprehensive log information about authentication-related activities on your Gateway Server from both GUI and the backend. Moreover, the logs offer valuable insights into the specific two-factor authentication (2FA) methods employed by gateway users when accessing the Gateway Server.
3. Web Activity Logs
The web panel activity logs provide comprehensive log information about the accessed sections and functions in GUI but also include timestamps, indicating the dates and times of these activities.
4. Shell Activity Logs or Gateway Activity Logs
The SSH gateway activity logs provide a comprehensive log about every instance of Ezeelogin gateway users accessing the Ezeelogin gateway server shell.
5. Server Activity Logs
The server activity logs provide a comprehensive log of actions and interactions carried out by Ezeelogin gateway users when accessing the remote servers.
6. RDP Logs
The RDP logs provide comprehensive log information about the gateway user's actions or activities during an RDP session. The recorded RDP sessions are in RDP Bitmap Delta Stream and cannot be viewed by third-party software.
7. SCP Logs
The SCP logs provide comprehensive information about file transfers conducted by the gateway user using the parallel copy feature in ezsh.
8. Web Proxy Logs
The web proxy logs provide comprehensive information about all access to the web portal via the reverse proxy.
9. Web Proxy Activity Logs
The Web Proxy Activity Logs provide comprehensive information about user access details to the web portal using the reverse proxy.
Related Article
- Integrate Ezeelogin SSH Jump host with splunk for SIEM
- Integrate Ezeelogin SSH Jump host with syslog