This Docker image contains a Logstash agent that enables secure transport of log data back to the Bridgecrew Console. It is set to collect data from Linux's auth.log file (using syslog) and send it to Bridgecrew in an encrypted and secure manner.
The installation includes 2 steps:
- auth.log syslog configuration
- Installing the syslog integration docker

auth.log syslog configuration
- Edit the rsyslog configuration file:
sudo vi /etc/rsyslog.conf
- Add row:
auth,authpriv.* @[REPLACE_WITH_LOGSTASH_HOST]:9910
Port 9910 (UDP) must be open to the Logstash host (listening port).
Verify that iptables is configured to allow incoming traffic on port 9910.

Installing the syslog integration docker
- SSH into the server where logstash-docker should be deployed
- Install Docker
- Verify the Docker installation by running the following command:
docker info
- Run syslog-integration docker by executing:
docker run -d -p 9910:9910/udp -e BC_CUSTOMER_NAME=[REPLACE_WITH_CUSTOMER_NAME] -e BC_API_TOKEN=[REPLACE_WITH_API_TOKEN] -e BC_URL="https://logstash.bridgecrew.cloud/logstash" bridgecrew/linux-auth-integration
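
To check the forwarding path once both steps are done, the following added example (not part of the Bridgecrew documentation) sends one constructed syslog datagram for each facility selected by the auth,authpriv.* rule to the Logstash host on UDP 9910. The tag bc-smoke-test, the host name testhost and the function names are made up for this example, and it assumes the listener accepts the traditional syslog format that rsyslog forwards by default.

```python
import socket
import sys
import time

# Syslog facility codes; the rule "auth,authpriv.*" selects exactly these two.
FACILITY = {"auth": 4, "authpriv": 10}
SEVERITY_INFO = 6
LOGSTASH_PORT = 9910  # UDP port published by the docker run command above


def build_message(facility, text, host="testhost", tag="bc-smoke-test"):
    """Build a traditional (RFC 3164 style) datagram: <PRI>TIMESTAMP HOST TAG: text."""
    pri = FACILITY[facility] * 8 + SEVERITY_INFO
    now = time.localtime()
    # RFC 3164 pads the day of month with a space, not a zero.
    stamp = "{} {:>2} {}".format(
        time.strftime("%b", now), now.tm_mday, time.strftime("%H:%M:%S", now)
    )
    return f"<{pri}>{stamp} {host} {tag}: {text}".encode()


def send_test_messages(logstash_host, port=LOGSTASH_PORT):
    """Send one constructed datagram per facility; return the payloads sent."""
    sent = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for facility in FACILITY:
            payload = build_message(facility, f"constructed test event ({facility})")
            sock.sendto(payload, (logstash_host, port))
            sent.append(payload)
    return sent


if __name__ == "__main__":
    # Usage: python3 smoke_test.py LOGSTASH_HOST
    for datagram in send_test_messages(sys.argv[1]):
        print("sent:", datagram.decode())
```

UDP is unacknowledged, so a successful send does not prove delivery; confirm on the receiving side that the two test events arrived.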