Log streaming
Event logs contain valuable information regarding possible security threats, outages, and metrics that can help troubleshoot issues, and log streaming makes it possible to export these log files in near real-time.
You can stream your log files for all Ping Identity products in your PingOne Advanced Services cloud network using a variety of different log aggregation tools. Either set up this process when you initially access your applications, or submit a service request at any time. Ensure that you include pertinent information, listed here, regarding your aggregation tool in your request.
See the following for details:
Amazon S3 Bucket
To export log files with an Amazon S3 bucket, include the following information in your request:
-
Your AccountID
-
AWS key and secret
-
Bucket name
Amazon CloudWatch
To export log files with an Amazon CloudWatch, include the following information in your request:
-
Your AccountID
-
AWS key and secret
-
Log group names
-
Log steam names
ArcSight
With ArcSight, the syslog output with a JSON encoding is used. To export log files, include the destination host and port in your request.
Elasticsearch
You can configure Elasticsearch to use the Elasticsearch output plugin.
Generic HTTP or Webhook
To export log files with a generic HTTP or webhooks, include the following information in your request:
-
Endpoint URL
-
HTTP method used to send data
-
An authorization token or key (optional)
IBM QRadar
With QRadar, the syslog output with a JSON encoding is used. To export log files, include the destination host and port in your request.
Microsoft Azure
You can configure Azure for one of these plugins:
Splunk HTTP Event Collector (HEC)
With Splunk HEC, only RAW Endpoint is supported. To export log files, include the following information in your request:
-
Splunk HEC Endpoint URL
-
Splunk API Key
Syslog
To export log files with Syslog, include the destination host and port in your request.