Audit logs
The Cyral audit log records the actions of your Cyral administrators, including logins, logouts, and edits to service accounts used for Cyral SSO. Audit logs are stored for 30 days.
View Cyral audit logs
To view the log, click Audit in the left panel of the Cyral control plane UI. You must be logged in as a user with the View Audit Logs permission in order to view the logs. In the default configuration, the Super Admin role has this permission.
Cyral audit log contents
The log shows:
- Action: Cyral's short name for the action
- User: Who did the action
- Description: What the user did, such as logging in, making an administrative change, or getting an access token
- Time: When the action was done
Export Cyral audit logs
You can export Cyral audit logs to your SIEM platform. This export can rely on the same SIEM integration that you use to send Cyral data activity logs to your SIEM platform, or you can set up a separate SIEM integration.
Prerequisites
- Set up your SIEM integration.
- Verify that your Cyral control plane has network access to your SIEM platform.
Caution: The Cyral control plane must have network connectivity to your SIEM platform in order to export audit logs.
Procedure
Set up export of Cyral audit logs to your SIEM platform as follows:
1. In the left menu panel of the Cyral control plane UI, click Audit.
2. Click Configure Log Forwarding.
3. Click the checkbox for the SIEM that will receive Cyral audit logs.
4. Click Save.