Audit Destinations
Four types of auditing information are available:
- Authentication: users presenting credentials to obtain an access token
- Authorisation: individual transactions with an access token that are checked for allow/deny
- Access logs: individual transaction detail information
- API access: changes to the state of the system via API
By default, all records except for those generated by an Agilicus Connector are stored inside the Agilicus Cloud. In addition, you may send logs to a webhook (or, in the case of the Connector, a file).
To have records from the Connector sent back to the Agilicus Cloud, enable the ‘Access’ and ‘Authorisation’ check marks in the Audit Destinations screen.

For each webhook destination, optional authentication information may be passed.
Webhook audit destinations are intended to feed an external SIEM or log collector. Messages are sent in JSON format; an example is shown below:
{
  "events": [
    {
      "create_time": "2022-02-13T21:17:10.912073099Z",
      "event": {
        "authority": "share.dbt.agilicus.cloud",
        "bytes_received": 0,
        "bytes_sent": 0,
        "downstream_remote_address": "99.250.30.222",
        "duration": 16,
        "flags": "",
        "hostname": "ds120",
        "http_referrer": "https://profile.dbt.agilicus.cloud/",
        "http_user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.74 Safari/537.36",
        "jti": "",
        "log_type": "access",
        "method": "OPTIONS",
        "org": "",
        "path": "/tmp/",
        "protocol": "HTTP/1.1",
        "request_id": "ad74cbc1-572c-47f3-8346-6e8f0ccc6c6a",
        "response_code": 200,
        "source_id": "XcX49eHn99DaoADbqfut4c",
        "source_org_id": "5kX8JJdQ3CzYXXXXXX",
        "source_type": "agent-connector",
        "start_time": "2022-02-13T21:17:09.757266487Z",
        "sub": "",
        "upstream_authority": "127.0.0.1:45819"
      },
      "unique_id": "cCwsSeh8gwH66rVLMzayEi"
    },
    {
      "create_time": "2022-02-13T21:17:10.912278621Z",
      "event": {
        "allowed": true,
        "authenticated": true,
        "authority": "share.dbt.agilicus.cloud",
        "downstream_remote_address": "99.250.30.222",
        "error": false,
        "hostname": "ds120",
        "jti": "hTrNWKetLyWLuS5rGA5B2s",
        "log_type": "authorization",
        "method": "PROPFIND",
        "org": "5kX8JJdQ3CzYXXXXXX",
        "path": "/tmp/",
        "protocol": "HTTP/1.1",
        "request_id": "c7e93aa2-bef1-4b96-9e0d-b94775f39f1d",
        "source_id": "XcX49eHn99DaoADbqfut4c",
        "source_org_id": "5kX8JJdQ3CzYXXXXXX",
        "source_type": "agent-connector",
        "sub": "XGMKWs5Sqh3wXXXXXX",
        "time": "2022-02-13T21:17:10.151794113Z",
        "whitelisted": false
      },
      "unique_id": "qrb8Cidj56AZr6MtLChwun"
    }
  ]
}
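On the receiving side, a collector has to cope with two details visible in the example above: timestamps carry nanosecond precision, and the event time is in "start_time" for access records but "time" for authorization records. The following is an added example, not Agilicus code, that flattens a batch into records a SIEM can index; the function names, the constructed sample (with "allowed" set to false to show a deny) and the use of "unique_id" as a de-duplication key are assumptions.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample batch using a subset of the fields in the example above.
SAMPLE = json.dumps({"events": [
    {"create_time": "2022-02-13T21:17:10.912073099Z", "unique_id": "cCwsSeh8gwH66rVLMzayEi",
     "event": {"log_type": "access", "method": "OPTIONS", "path": "/tmp/", "sub": "",
               "downstream_remote_address": "99.250.30.222", "response_code": 200,
               "start_time": "2022-02-13T21:17:09.757266487Z"}},
    {"create_time": "2022-02-13T21:17:10.912278621Z", "unique_id": "qrb8Cidj56AZr6MtLChwun",
     "event": {"log_type": "authorization", "method": "PROPFIND", "path": "/tmp/",
               "sub": "XGMKWs5Sqh3wXXXXXX", "downstream_remote_address": "99.250.30.222",
               "allowed": False, "authenticated": True,
               "time": "2022-02-13T21:17:10.151794113Z"}},
]})

_TS = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z$")

def parse_ts(value):
    """Parse a UTC timestamp with up to nanosecond precision, truncated to microseconds."""
    m = _TS.match(value or "")
    if not m:
        return None
    frac = (m.group(2) or "")[:6].ljust(6, "0")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return base.replace(microsecond=int(frac), tzinfo=timezone.utc)

def normalise(body, seen=None):
    """Flatten one webhook body; skip unique_id values already in `seen` (assumed key)."""
    seen = set() if seen is None else seen
    out = []
    for item in json.loads(body).get("events", []):
        uid, ev = item.get("unique_id"), item.get("event") or {}
        if uid and uid in seen:
            continue
        seen.add(uid)
        kind = ev.get("log_type")
        # Access records use start_time, authorization records use time.
        when = parse_ts(ev.get("start_time") or ev.get("time") or item.get("create_time"))
        out.append({"id": uid, "type": kind, "when": when,
                    "sub": ev.get("sub") or None,  # empty string means no subject
                    "src": ev.get("downstream_remote_address"),
                    "request": f'{ev.get("method")} {ev.get("path")}',
                    "denied": kind == "authorization" and ev.get("allowed") is False})
    return out

def denied(records):
    """Authorization records where the transaction was refused."""
    return [r for r in records if r["denied"]]
```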