Monitoring (Logging) Overview
Cyolo’s Admin Portal includes four types of logs:
- Activity logs
- Audit logs
- System logs
- Web Access logs
The Cyolo platform supports exporting logs via Syslog. Below is a description of each type of logging system.
Note: To edit columns, click the Edit Columns icon at the top right of the screen.
Log Structure
The log structure for these logs closely matches SIEM (CEF/LEEF/ECS) and IDS/IPS logs. This aligns as follows:
| Field | SIEM/IDS Equivalent |
|---|---|
| Severity | severity (CEF, ECS, IDS) |
| Timestamp | timestamp (ECS, IDS, LEEF) |
| Approver ID | user.id(ECS) |
| Action | event.action (ECS) |
| Action Result | event.outcome (ECS) |
| Result Description | message (CEF, ECS) |
| Source Type | source.type(ECS) |
| Source Name | source.name (ECS) |
| Source IP | source.ip (ECS, IDS) |
| Source Location | source.geo.location (ECS) |
| Target Type | target.type(ECS) |
| Target Name | target.name(ECS) |
| Approver Type | user.type(ECS) |
| Approver Name | user.name(ECS) |
| User Agent | user_agent.original (ECS, IDS) |
| ID | event.id (ECS) |
Activity Logs
Activity logs manage and reflect all actions performed by users related to applications.
Audit Logs
Audit logs manage the results of configuration changes performed by administrators.
System Logs
System logs include events related to the system health, internal statuses, etc.
Web Access Logs
Web Access logs are related to web applications. They are disabled by default; the enablement is done via API and per application.
Additional Logs
Syslog
For Syslog information, see the section Exporting Logs to Other Destinations.
Cyolo Connect Logs
There are two options for checking the Cyolo Connect logs:
- Right-click on Cyolo Connect and then click Export Logs.
- For Windows, open Event Viewer to display the log:
Updated about 1 month ago