Administration
Recording Activity log to Syslog or Event Viewer
4min
description passwork can record events from the activity log in cef (common event format) , this allows you to customize the sending of events to the siem we do not provide instructions or examples on how to configure specific logging solutions, as such actions are directly dependent on the infrastructure of a particular company activation go to settings and users → activity log → settings , activate the option — write activity logs to the syslog or windows event log by default, once activated, all passwork events will be written to a local file deb (ubuntu, debian, astra linux) — /var/log/syslog rpm (centos, redhat) — /var/log/messages docker — /\<passwork>/log/php/syslog windows server — configuring the event viewer docid\ e5j4u mpk4bcu17lmsfre if deb based linux servers do not have a syslog file, you need to install the package — apt install syslog ng y every event includes device value (depending on the client) web interface — web ; mobile application — mobile ; browser extension — browser addon ; api request — api ; action performed by the system — internal event id — a unique identifier of the action, for example item created ; severity — importance level of the event from 1 (low) to 10 (high); description — a description of the action that occurred; additional fields suid — id of the user who performed the action; suser — login of the user who performed the action; duid — id of the user on whom the action was performed; duser — login of the user on whom the action was performed; passworkip — ip address of the client event structure cef cef\ version|device vendor|device product|device version|signature id|name|severity|extension passwork implements the following events that are committed to a local file — events list from the activity log docid 3xexcaofc9x95emjqa41z