Syslog
Integrating Keeper SIEM push to standard Syslog endpoints
Last updated
Was this helpful?
Integrating Keeper SIEM push to standard Syslog endpoints
Last updated
Was this helpful?
Keeper supports event streaming into standard TCP Syslog collectors. External logging is real-time, and new events will appear almost immediately. Setup instructions are below.
Keeper supports a standard "Syslog" push capability over TCP.
Ports TCP Ports 514 and 6514 (TLS)
Fields Exported "audit_event", "username", "client_version", "remote_address", "channel", "result_code", "email", "to_username", "client_version_new","username_new", "file_format", "record_uid", "folder_uid", "folder_type", "shared_folder_uid", "attachment_id", "team_uid", "role_id"
Example Payload
Also, ensure that your syslog server allows traffic from Keeper servers. See page.