JumpServer PAM » Documentation » Installation » Syslog configuration

Syslog configuration

1. Modifying the JumpServer Configuration File

The configuration files for JumpServer are located at: /opt/jumpserver/config/config.txt

The following elements need to be added to the JumpServer configuration:

# Syslog Configuration
SYSLOG_ENABLE=true
SYSLOG_ADDR=10.1.12.116:514  # Syslog server IP and port
SYSLOG_FACILITY=local2  # Corresponds to the Syslog configuration file

2. Restarting JumpServer

After modifying the JumpServer configuration file, you need to restart the service to apply the changes.

Command:

jmsctl restart

3. Verifying the Configuration

Log into the JumpServer service to generate a login event log and check for output on the Syslog server. Example login event log:

example log image

4. Analyzing Syslog Information

Event Type Syslog Record Example
Login Apr 19 15:25:11 10.1.14.125 jumpserver: login_log - {"backend": "Password", "backend_display": "password", "city": "local", "datetime": "2023/04/19 15:18:36 +0800", "id": "cfc378e5-6337-4bf9-a8ac-15f33c2b0314", "ip": "10.1.10.35", "mfa": {"label": "disabled", "value": 0}, "reason": "", "reason_display": "", "status": {"label": "successful", "value": true}, "type": {"label": "Web", "value": "W"}, "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, Gecko) Chrome/112.0.0.0 Safari/537.36 Edg/112.0.1722.48", "username": "admin"}
File Upload Apr 19 15:27:26 10.1.14.125 jumpserver: ftp_log - {"account": "root(root)", "asset": "10.1.12.182-root(10.1.12.182)", "date_start": "2023/04/19 15:20:51 +0800", "filename": "/tmp/vmware-root/file.pdf", "id": "6e7721c0-2091-49fb-8853-fc18e0a2e432", "is_success": true, "operate": {"label": "uploading", "value": "upload"}, "org_id": "00000000-0000-0000-0000-000000000002", "remote_addr": "10.1.10.35", "user": "Administrator(admin)"}
File Download Apr 19 15:28:08 10.1.14.125 jumpserver: ftp_log - {"account": "root(root)", "asset": "10.1.12.182-root(10.1.12.182)", "date_start": "2023/04/19 15:21:33 +0800", "filename": "/tmp/vmware-root/file.pdf", "id": "113c0601-80c1-47d1-a053-5038fd89698c", "is_success": true, "operate": {"label": "downloading", "value": "download"}, "org_id": "00000000-0000-0000-0000-000000000002", "remote_addr": "10.1.10.35", "user": "Administrator(admin)"}
<< How to Remove Passwords Entered by Users Inside SSH Sessions from the Logs Configuring External Storage for Session Recordings in JumpServer >>

Need help?

Support during the JumpServer PAM Enterprise Edition pilot

Have you started testing JumpServer PAM EE and encountered an issue? Our process includes organizing email threads or Telegram groups for prompt issue resolution. If you are sure you were not added to such a group, please contact your supplier or reach out to us at support@afi-d.ru

Training for your specialists on configuring and administering JumpServer PAM

As part of an active technical support subscription, we will train your specialists in installation, configuration, administration of JumpServer PAM, as well as recovery from errors and incidents.

Training is conducted online, according to a pre-agreed plan, and includes mandatory practical knowledge verification with the issuance of personalized certificates (upon successful exam completion).

Video tutorials

Visit our channel on YouTube with video tutorials covering the configuration of all JumpServer PAM sections. The videos are in Russian and are updated with each new release.

Technical support for the free JumpServer PAM Community Edition

The idea of implementing a complex but business-critical PAM system can be intimidating due to the perceived complexity of setup, administrator and security team training, and changes to account management processes.

To make the deployment and configuration of JumpServer Community Edition comfortable, and to ensure you can always rely on professional assistance, AFI Distribution offers an annual technical support subscription.

The support package priced at 1.5 million RUB per JumpServer Community Edition instance (with no limits on the number of users or target systems) includes everything required to use PAM:

  • Russian-language documentation;
  • usage scenarios and recommended deployment architectures;
  • training for administrators and information security specialists on working with JumpServer;
  • tips and solutions for common questions;
  • notifications about new releases with verified upgrade instructions;
  • integration with RADIUS and multi-factor authentication “Multifactor” ;
  • direct access to an engineer (no first-line support) with a clear SLA.
Learn more and make a purchase on the Technical support subscription page
JumpServer PAM — privileged access management and secure access for contractors

JumpServer — a PAM solution with the largest user base, a full set of in-demand features, and excellent technical support.

The developer is Fit2Cloud; its mission is to keep the cost of high-quality privileged access and password management solutions affordable.

JumpServer.org

AFI Distribution LLC is a distributor of solutions for security and automation of computer networks.

Our specialists and partner integrators will help you: provide consultations, estimate projects, deploy solutions in networks of any scale, and train your staff.

AFI-Distribution.com

HERCEGOVAČKA 21
11000, Beograd, Srbija


Phone: +381 67 755 69 32
Phone: +381 67 755 29 63
E-mail: info@jumpserver-pam.com
TG: @JumpServerPAM_English

Prices listed on the website are recommended and do not include taxes, fees and additional options.