Updated: Nov 17, 2017

Audit Log

SmartKey automatically maintains an internal audit log of system operations. To view the audit log, select the Events icon in the sidebar. For convenience, when viewing the detail of security objects and other SmartKey objects, the most recent audit log entries applicable to the object are shown in the right-hand pane.

Sending audit logs to Splunk

You can configure SmartKey to send audit log entries to a Splunk server via the HTTP Event Collector (HEC).

To set up Splunk integration, you must be an administrator of the account.

To configure logging to Splunk, select the Settings icon in the sidebar, then select “Log Management”. Under “Custom Log Management Integrations”, click the “Add Integration” button for Splunk.

Configuring a Splunk integration requires the following information:

  • The hostname and port information for the Splunk server
  • If communicating with the Splunk server over HTTPS (recommended), either ensure the Splunk server has a certificate from a well-known public CA, or select “Custom CA Certificate” and upload a CA certificate to be used to verify the Splunk server.
  • The name of the Splunk index to submit events. This value is sent to the Splunk server and can be set to whatever you like.
  • A valid authentication token to authenticate to the HTTP Event Collector of your Splunk instance. See the Splunk documentation for detail about generating HEC authentication tokens.

For security reasons, the authentication token is not displayed in the interface when editing an existing configuration.