PingOne Advanced Services

Log streaming

Event logs contain valuable information about possible security threats, outages, and metrics that can help troubleshoot issues. Log streaming makes it possible to export these log files in near real-time.

You can stream your log files for all Ping Identity products in your PingOne Advanced Services cloud network using a variety of log aggregation tools. Either set up this process when you initially access your applications, or submit a service request at any time. Ensure that your request includes the pertinent information about your aggregation tool, as listed in the following sections.

See the following for details:

Amazon S3 Bucket

To export log files with an Amazon S3 bucket, include the following information in your request:

  • Your AccountID

  • AWS key and secret

  • Bucket name

Amazon CloudWatch

To export log files with Amazon CloudWatch, include the following information in your request:

  • Your AccountID

  • AWS key and secret

  • Log group names

  • Log stream names

ArcSight

With ArcSight, the syslog output with a JSON encoding is used. To export log files, include the destination host and port in your request.

Elasticsearch

You can configure Elasticsearch to use the Elasticsearch output plugin.

Generic HTTP or Webhook

To export log files with a generic HTTP endpoint or webhook, include the following information in your request:

  • Endpoint URL

  • HTTP method used to send data

  • An authorization token or key (optional)

IBM QRadar

With QRadar, the syslog output with a JSON encoding is used. To export log files, include the destination host and port in your request.

Microsoft Azure

You can configure Azure for one of these plugins:

Splunk HTTP Event Collector (HEC)

With Splunk HEC, only the RAW endpoint is supported. To export log files, include the following information in your request:

  • Splunk HEC Endpoint URL

  • Splunk API Key

Syslog

To export log files with Syslog, include the destination host and port in your request.