Twingate is a zero trust network access platform that allows fast-growing companies to quickly and easily provide secure access to their AWS environment. By incorporating modern technologies such as NAT traversal, QUIC, private proxies, and split tunneling, Twingate can replace a traditional or cloud VPN while improving user performance and overall security.
This integration allows organizations to monitor a user's resource access activities in real time.
- You have the Datadog Agent installed on the Twingate Connector server. You must be able to connect to that host and edit the files to configure the Agent and YAML Integration Configs. To install the Datadog Agent, see Getting Started with the Agent.
- You must deploy the Twingate Connector. To enable real-time connection logs, see the Twingate documentation.
- Set up the Datadog journald integration.
- Replace `journald.d/conf.yaml` with the following configuration:

```yaml
logs:
  - type: journald
    container_mode: true
    include_units:
      - twingate-connector.service
    service: Twingate Connection
    source: Twingate
    log_processing_rules:
      - type: include_at_match
        name: analytics
        pattern: ANALYTICS
      - type: mask_sequences
        name: remove_analytics
        replace_placeholder: ""
        pattern: "ANALYTICS "
```

- Add the `dd-agent` user to the `systemd-journal` group by using `usermod -a -G systemd-journal dd-agent`.
- Restart the Datadog Agent by running `service datadog-agent restart`.
- Confirm that the Twingate Analytic log appears in the Log Explorer.
Add the following lines to the `datadog.yaml` configuration file:

```yaml
logs_enabled: true
listeners:
  - name: docker
config_providers:
  - name: docker
    polling: true
logs_config:
  container_collect_all: true
  container_exclude: ["image:.*"]
  container_include: ["image:twingate/connector"]
```

- Add the `dd-agent` user to the `docker` group by using `usermod -a -G docker dd-agent`.
- Restart the Datadog Agent by running `service datadog-agent restart`.
Add the additional parameters `-e DD_CONTAINER_EXCLUDE="image:.*"` and `-e DD_CONTAINER_INCLUDE="image:twingate/connector"` in the `docker run` command:

```shell
docker run -d --name datadog-agent \
    --cgroupns host \
    --pid host \
    -e DD_API_KEY=xxx \
    -e DD_LOGS_ENABLED=true \
    -e DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL=true \
    -e DD_CONTAINER_EXCLUDE="image:.*" \
    -e DD_CONTAINER_INCLUDE="image:twingate/connector" \
    -v /var/run/docker.sock:/var/run/docker.sock:ro \
    -v /var/lib/docker/containers:/var/lib/docker/containers:ro \
    -v /proc/:/host/proc/:ro \
    -v /opt/datadog-agent/run:/opt/datadog-agent/run:rw \
    -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro \
    gcr.io/datadoghq/agent:latest
```

Add the label `com.datadoghq.ad.logs` to the Twingate Connector `docker run` command:

```shell
docker run -d --sysctl net.ipv4.ping_group_range="0 2147483647" \
    -l "com.datadoghq.ad.logs"='[{"service":"Twingate Connection","source":"Twingate","log_processing_rules":[{"type":"include_at_match","name":"analytics","pattern":"ANALYTICS"},{"type":"mask_sequences","name":"remove_analytics","replace_placeholder":"","pattern":"ANALYTICS "}]}]' \
    --env TENANT_URL="https://xxx.twingate.com" \
    --env ACCESS_TOKEN="xxx" \
    --env REFRESH_TOKEN="xxx" \
    --env TWINGATE_LABEL_HOSTNAME="`hostname`" \
    --name "twingate-golden-seal" \
    --restart=unless-stopped \
    $(docker run --help | grep -- --pull >/dev/null && echo "--pull=always") twingate/connector:1
```

Note: The Twingate Connector container needs to be recreated to add the new label.
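
An added example, not part of the Twingate or Datadog documentation: a Python approximation of what the two `log_processing_rules` in the label above do to Connector output, useful for checking a rule change before recreating the container. The sample lines and the JSON shape of their payload are constructed assumptions, and the Agent uses its own regex engine rather than Python's `re`.

```python
import json
import re

# Value of the com.datadoghq.ad.logs label, copied from the docker run command above.
AD_LOGS_LABEL = (
    '[{"service":"Twingate Connection","source":"Twingate",'
    '"log_processing_rules":['
    '{"type":"include_at_match","name":"analytics","pattern":"ANALYTICS"},'
    '{"type":"mask_sequences","name":"remove_analytics",'
    '"replace_placeholder":"","pattern":"ANALYTICS "}]}]'
)

# Constructed sample lines; real Connector output and field names will differ.
SAMPLE_LINES = [
    'State: Online',
    'ANALYTICS {"user": "alice@example.com", "resource": "db.internal", "status": "allowed"}',
    'heartbeat ok',
    'ANALYTICS {"user": "bob@example.com", "resource": "git.internal", "status": "denied"}',
]


def apply_rules(lines, label=AD_LOGS_LABEL):
    """Approximate the Agent's rule handling: rules run in order, per line."""
    rules = json.loads(label)[0]["log_processing_rules"]
    kept = []
    for line in lines:
        for rule in rules:
            pattern = re.compile(rule["pattern"])
            if rule["type"] == "include_at_match":
                if not pattern.search(line):
                    line = None  # line is dropped and never shipped
                    break
            elif rule["type"] == "mask_sequences":
                line = pattern.sub(rule["replace_placeholder"], line)
            else:
                raise ValueError(f"unhandled rule type: {rule['type']}")
        if line is not None:
            kept.append(line)
    return kept


def shipped_events(lines):
    """Parse what is left after the rules; fails loudly if a payload is not JSON."""
    return [json.loads(line) for line in apply_rules(lines)]


if __name__ == "__main__":
    for event in shipped_events(SAMPLE_LINES):
        print(event)
```
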
- Go to the Datadog Dashboard List.
- Search for the Twingate Analytics dashboard.
Need help? Contact Twingate Support.