Syslog
Integrating Keeper SIEM push to standard Syslog endpoints
Last updated
Integrating Keeper SIEM push to standard Syslog endpoints
Last updated
Keeper supports event streaming into standard TCP Syslog collectors. External logging is real-time, and new events will appear almost immediately. Setup instructions are below.
Keeper supports a standard "Syslog" push capability over TCP.
Ports TCP Ports 514 and 6514 (TLS)
Fields Exported "audit_event", "username", "client_version", "remote_address", "channel", "result_code", "email", "to_username", "client_version_new","username_new", "file_format", "record_uid", "folder_uid", "folder_type", "shared_folder_uid", "attachment_id", "team_uid", "role_id"
Example Payload
Important: Ensure that the endpoint is using a valid signed SSL certificate that has a domain matching the subject name in the certificate. The certificate must also include the full certificate chain from your CA. Keeper's systems will refuse to connect to a self-signed certificate.
Also, ensure that your syslog server allows traffic from Keeper servers. See Firewall Configuration page.