Skip to main content
Version: v4.16

Audit logs

The Cyral audit log records the actions of your Cyral administrators, including logins, logouts, and edits to service accounts used for Cyral SSO. Audit logs are stored for 30 days.

View Cyral audit logs

To view the log, click Audit in the left panel of the Cyral control plane UI. You must be logged in as a user with the View Audit Logs permission in order to view the logs. In the default configuration, the Super Admin role has this permission.

Cyral audit log contents

The log shows:

  • Action: Cyral's short name for the action
  • User: Who did the action
  • Description: What the user did, such as logging in, making an administrative change, or getting an access token
  • Time: When the action was done

Export Cyral audit logs

You can export Cyral audit logs to your SIEM platform. This export can rely on the same SIEM integration that you use to send Cyral data activity logs to your SIEM platform, or you can set up a separate SIEM integration.

Prerequisites

caution

The Cyral control plane must have network connectivity to your SIEM platform in order to export audit logs.

Procedure

Set up export of Cyral audit logs to your SIEM platform as follows:

  1. In the left menu panel of the Cyral control plane UI, click Audit.

  2. Click Configure Log Forwarding.

  3. Click the checkbox for the SIEM that will receive Cyral audit logs.

  4. Click Save.