Getting audit logs via promtail

Hey!

I have set up promtail to fetch the system-journal logs. With that, I am able to get the access logs (i.e., who tried to access which server).

Now I want to know if it is possible to get the audit logs of an ssh session, meaning if I log in to the server and execute a set of commands, it should be captured under that ssh session.

Hi,

I would suggest starting by logging your session activity to files.

There are multiple approaches:

Ex: logging - How can I create session logs of individual SSH sessions? - Super User

Then it would be as easy as pointing your promtail to the files.

Hope it helps.

Good Luck
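
A sketch of the "point promtail at the files" step, added here as an example and not taken from either poster. It assumes each SSH session is already being written to its own file named `/var/log/ssh-sessions/<user>_<session-id>.log`; that directory, the naming scheme, the Loki URL and the positions path are all placeholders to adapt.

```yaml
server:
  http_listen_port: 9080
  grpc_listen_port: 0

positions:
  # Where promtail remembers how far it has read each file (assumed path)
  filename: /var/lib/promtail/positions.yaml

clients:
  # Placeholder Loki endpoint
  - url: http://loki.example.internal:3100/loki/api/v1/push

scrape_configs:
  - job_name: ssh_sessions
    static_configs:
      - targets:
          - localhost
        labels:
          job: ssh_sessions
          # Assumed directory holding one log file per SSH session
          __path__: /var/log/ssh-sessions/*.log
    pipeline_stages:
      # Pull the user name out of the file path (assumed <user>_<session-id>.log)
      - regex:
          source: filename
          expression: '/var/log/ssh-sessions/(?P<user>[^_/]+)_[^/]+\.log$'
      # Promote only the user to a label; the session id stays in the
      # automatically attached "filename" label.
      - labels:
          user:
```

For the records to be useful as an audit trail, the session log directory should not be writable by the accounts being recorded, and the promtail user needs read access to it.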
