# Syslog configuration

#### **1. Modifying the JumpServer Configuration File**

The configuration files for JumpServer are located at: `/opt/jumpserver/config/config.txt`

The following elements need to be added to the JumpServer configuration:

```bash
# Syslog Configuration
SYSLOG_ENABLE=true
SYSLOG_ADDR=10.1.12.116:514  # Syslog server IP and port
SYSLOG_FACILITY=local2  # Corresponds to the Syslog configuration file
```

#### **2. Restarting JumpServer**

After modifying the JumpServer configuration file, you need to restart the service to apply the changes.

Command:

```bash
jmsctl restart
```

#### **3. Verifying the Configuration**

Log into the JumpServer service to generate a login event log and check for output on the Syslog server.

Example login event log: [screenshot](https://kb.afi-d.ru/uploads/images/gallery/2024-05/NvyHc2PXNNjTD1fX-izobrazenie.png)

#### **4. Analyzing Syslog Information**

**Event Type** | **Syslog Record Example** |
--- | --- |
**Login** | Apr 19 15:25:11 10.1.14.125 jumpserver: **login\_log** - {"backend": "Password", "backend\_display": "password", "city": "local", "datetime": "2023/04/19 15:18:36 +0800", "id": "cfc378e5-6337-4bf9-a8ac-15f33c2b0314", "ip": "10.1.10.35", "mfa": {"label": "disabled", "value": 0}, "reason": "", "reason\_display": "", "status": {"label": "successful", "value": true}, "type": {"label": "Web", "value": "W"}, "user\_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, Gecko) Chrome/112.0.0.0 Safari/537.36 Edg/112.0.1722.48", **"username": "admin"**} |
**File Upload** | Apr 19 15:27:26 10.1.14.125 jumpserver: **ftp\_log** - {"account": "root(root)", "asset": "10.1.12.182-root(10.1.12.182)", "date\_start": "2023/04/19 15:20:51 +0800", "filename": "**/tmp/vmware-root/file.pdf**", "id": "6e7721c0-2091-49fb-8853-fc18e0a2e432", "is\_success": true, "operate": {"label": "uploading", **"value": "upload"**}, "org\_id": "00000000-0000-0000-0000-000000000002", "remote\_addr": "10.1.10.35", "user": "Administrator(admin)"} |
**File Download** | Apr 19 15:28:08 10.1.14.125 jumpserver: **ftp\_log** - {"account": "root(root)", "asset": "10.1.12.182-root(10.1.12.182)", "date\_start": "2023/04/19 15:21:33 +0800", "filename": "**/tmp/vmware-root/file.pdf**", "id": "113c0601-80c1-47d1-a053-5038fd89698c", "is\_success": true, "operate": {"label": "downloading", **"value": "download"**}, "org\_id": "00000000-0000-0000-0000-000000000002", "remote\_addr": "10.1.10.35", "user": "Administrator(admin)"} |
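
The records in the table can be split into a syslog header and a JSON payload for alerting or SIEM ingestion. The parser below is an added example, not code from the original page or from JumpServer; the function names are hypothetical, the field names are the ones shown in the table, and the sample lines are constructed from the table's records.

```python
import json
import re

# Layout seen in the table: "<Mon DD HH:MM:SS> <host> jumpserver: <type> - <JSON>"
RECORD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"jumpserver: (?P<event>\w+) - (?P<body>\{.*\})\s*$"
)

def parse_record(line):
    """Return (timestamp, host, event_type, fields), or None if the line is unusable."""
    m = RECORD_RE.match(line)
    if not m:
        return None
    try:
        fields = json.loads(m.group("body"))
    except json.JSONDecodeError:
        return None  # malformed JSON payload
    return m.group("ts"), m.group("host"), m.group("event"), fields

def summarize(line):
    """Reduce a record to the fields an analyst would alert or pivot on."""
    rec = parse_record(line)
    if rec is None:
        return None
    _, _, event, f = rec
    if event == "login_log":
        return {"event": "login", "user": f.get("username"), "src_ip": f.get("ip"),
                "success": f.get("status", {}).get("value"),
                "mfa": f.get("mfa", {}).get("label")}
    if event == "ftp_log":
        return {"event": f.get("operate", {}).get("value"), "user": f.get("user"),
                "src_ip": f.get("remote_addr"), "asset": f.get("asset"),
                "path": f.get("filename"), "success": f.get("is_success")}
    return {"event": event}  # other record types: report the type only

# Constructed samples: shortened copies of the table's records, Markdown escapes removed.
SAMPLES = [
    'Apr 19 15:25:11 10.1.14.125 jumpserver: login_log - {"ip": "10.1.10.35", '
    '"mfa": {"label": "disabled", "value": 0}, '
    '"status": {"label": "successful", "value": true}, "username": "admin"}',
    'Apr 19 15:27:26 10.1.14.125 jumpserver: ftp_log - {"filename": '
    '"/tmp/vmware-root/file.pdf", "is_success": true, "operate": {"value": "upload"}, '
    '"remote_addr": "10.1.10.35", "user": "Administrator(admin)"}',
    'Apr 19 15:28:08 10.1.14.125 jumpserver: ftp_log - {"account": "root(ro',  # cut off
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(summarize(s))
```

Lines that return `None` (such as the cut-off third sample) are worth counting separately, since a rising number of unparseable records means audit events are being lost before they reach analysis.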