diff --git a/src/pages/how-to/monitor-system-and-network-activity.mdx b/src/pages/how-to/monitor-system-and-network-activity.mdx index d1a12963..c8e82e2f 100644 --- a/src/pages/how-to/monitor-system-and-network-activity.mdx +++ b/src/pages/how-to/monitor-system-and-network-activity.mdx @@ -1,39 +1,123 @@ +# Monitor System and Network Activity -# Monitor system and network activity +The activity monitoring functionality in NetBird allows you to observe and track changes to your network infrastructure. This includes events such as when a new machine or user has joined your network, when access control policies have been modified, and many other key network activities. -The activity monitoring feature lets you quickly see what's happening with your network. -Whether a new machine or user joined your network or the access control policy has been modified, the activity log allows you to track the changes to your network. +## Access the Activity Monitoring View -## Access activity monitoring view - -Activity monitoring is enabled by default for every network, and you can access it in the web UI under the [Activity tab](https://app.netbird.io/activity). -You can also use the search bar to filter events by activity type. +The activity monitoring feature is enabled by default for every NetBird network. You can access the activity log in the web UI under the [Activity tab](https://app.netbird.io/activity). This view provides a centralized log of network events. You can use the search bar to search by activity name, and apply filters for timeframes, event types, and users.

activity-monitoring

- - The current version of NetBird tracks network changes that occur in the Management server. E.g., changes related to the list of peers, groups, system settings, setup keys, access control, etc. - The future versions will support connection events that occur in NetBird agents (e.g., peer A connected to peer B). - +The current version of NetBird tracks a wide range of network changes that occur in the Management server, such as modifications to peers, groups, system settings, setup keys, and access control policies. + +
+ Click here to view the full list of tracked events + + - **Peer Management:** + - Peer added by user + - Peer added with setup key + - Peer removed by user + - Peer renamed + - Peer SSH server enabled + - Peer SSH server disabled + - Peer login expiration enabled + - Peer login expiration disabled + + - **User Management:** + - User joined + - User invited + - User role updated + - User blocked + - User unblocked + - User deleted + + - **Group Management:** + - Group created + - Group updated + - Group deleted + - Group added to peer + - Group removed from peer + - Group added to user + - Group removed from user + - Group added to setup key + - Group removed from setup key + - Group added to disabled management DNS setting + - Group removed from disabled management DNS setting + + - **Policy Management:** + - Policy added + - Policy updated + - Policy removed + + - **Rule Management:** + - Rule added + - Rule updated + - Rule removed + + - **Setup Key Management:** + - Setup key created + - Setup key updated + - Setup key revoked + - Setup key overused + + - **Route Management:** + - Route created + - Route removed + - Route updated + + - **Account Management:** + - Account created + - Account peer login expiration duration updated + - Account peer login expiration enabled + - Account peer login expiration disabled + - Account peer approval enabled + - Account peer approval disabled + + - **Nameserver Group Management:** + - Nameserver group created + - Nameserver group deleted + - Nameserver group updated + + - **Token Management:** + - Personal access token created + - Personal access token deleted + + - **Service User Management:** + - Service user created + - Service user deleted + + - **Integration Management:** + - Integration created + - Integration updated + - Integration deleted + + - **Other Events:** + - Transferred owner role + - Posture check created + - Posture check updated + - Posture check deleted + - User logged in peer + - Peer login expired + - Dashboard login + +
+ +Future versions will also support connection events that occur in NetBird agents (e.g., peer A connected to peer B). - The `unknown`name or `unknown@unknown.com` e-mail address. - In the activity event store, the system keeps the deleted user information encrypted. If the encryption key has been corrupted or lost, - then the events returned by the API could show as `unknown@unknown.com` for the e-mail address field and as `unknown` for the name field. - If the configuration files have been generated by the `configure.sh` script, you can find the previous encryption key in - the backup files in the same folder as the script. Look for the DataStoreEncryptionKey field in the `management.json` backup file. + The `unknown` name or `unknown@unknown.com` email address may be displayed in the activity event store if the encryption key has been corrupted or lost. This issue is most relevant for self-hosted setups. In this case, the events returned by the API could show `unknown@unknown.com` for the email address field and `unknown` for the name field. + + If the configuration files have been generated by the `configure.sh` script, you can find the previous encryption key in the backup files in the same folder as the script. Look for the DataStoreEncryptionKey field in the `management.json` backup file. -## Enable activity event streaming to SIEM systems +## Enable Activity Event Streaming to SIEM Systems -NetBird can stream activity events to your Security Information and Event Management (SIEM) system in real-time. -With this feature enabled you can monitor and analyze NetBird network changes in your SIEM system. -Check the [integrations guide](/how-to/activity-event-streaming) for more information about the supported integrations and -how to enable them. +NetBird can stream activity events to your Security Information and Event Management (SIEM) system in real-time. With this feature enabled, you can monitor and analyze NetBird network changes within your SIEM infrastructure. Check the [integrations guide](/how-to/activity-event-streaming) for more information about the supported integrations and how to enable them. + +## Get Started -## Get started