This docker contains a Logstash agent that enables secure transport of log data back to Bridgecrew Console. It is set to collect data from Linux's auth.log file (using syslog) and send it to Bridgecrew in an encrypted and secure.
The installation includes 2 steps:
auth.logsyslog configuration- Installing the syslog integration docker
- Edit
sudo vi /etc/rsyslog.conf - Add row:
auth,authpriv.* @[REPLACE_WITH_LOGSTASH_HOST]:9910Port 9910 (UDP) must be open between the to the logstash host (listening port).
Verify that iptables is configured to allow incoming traffic on port 9910.
- ssh into the server where logstash-docker should be deployed
- Install docker
- Verify docker install by running the following command:
docker info - Run syslog-integration docker by executing:
docker run -d -p 9910:9910/udp -e BC_CUSTOMER_NAME=[REPLACE_WITH_CUSTOMER_NAME] -e BC_API_TOKEN=[REPLACE_WITH_API_TOKEN] -e BC_URL="https://logstash.bridgecrew.cloud/logstash" bridgecrew/linux-auth-integration