Send audit logs to the SIEM.

Hello people.

I’m having trouble getting my logs to work correctly for the SIEM.
I configured rsyslog and logstash and both suddenly stop working.

Has anyone ever experienced this?

Hello Raphael,

welcome to privacyIDEA.
You description is a bit sparse.

privacyIDEA writes two logs.

a) the log file which is handled via python logging mechanism and can contain a lot of (debug) information and
b) the audit log, which only contains one (signed) entry per REST API request.

There are means to write both to external logging facilities.