mirror of
https://github.com/netbirdio/docs.git
synced 2026-04-20 09:26:37 +00:00
improve activtiy event docs (#222)
This commit is contained in:
juliaroesschen
@@ -1,39 +1,123 @@
|
||||
# Monitor System and Network Activity
|
||||
|
||||
# Monitor system and network activity
|
||||
The activity monitoring functionality in NetBird allows you to observe and track changes to your network infrastructure. This includes events such as when a new machine or user has joined your network, when access control policies have been modified, and many other key network activities.
|
||||
|
||||
The activity monitoring feature lets you quickly see what's happening with your network.
|
||||
Whether a new machine or user joined your network or the access control policy has been modified, the activity log allows you to track the changes to your network.
|
||||
## Access the Activity Monitoring View
|
||||
|
||||
## Access activity monitoring view
|
||||
|
||||
Activity monitoring is enabled by default for every network, and you can access it in the web UI under the [Activity tab](https://app.netbird.io/activity).
|
||||
You can also use the search bar to filter events by activity type.
|
||||
The activity monitoring feature is enabled by default for every NetBird network. You can access the activity log in the web UI under the [Activity tab](https://app.netbird.io/activity). This view provides a centralized log of network events. You can use the search bar to search by activity name, and apply filters for timeframes, event types, and users.
|
||||
|
||||
<p>
|
||||
<img src="/docs-static/img/how-to-guides/activity-monitoring.webp" alt="activity-monitoring" className="imagewrapper-big"/>
|
||||
</p>
|
||||
|
||||
<Note>
|
||||
The current version of NetBird tracks network changes that occur in the Management server. E.g., changes related to the list of peers, groups, system settings, setup keys, access control, etc.
|
||||
The future versions will support connection events that occur in NetBird agents (e.g., peer A connected to peer B).
|
||||
</Note>
|
||||
The current version of NetBird tracks a wide range of network changes that occur in the Management server, such as modifications to peers, groups, system settings, setup keys, and access control policies.
|
||||
|
||||
<details>
|
||||
<summary>Click here to view the full list of tracked events</summary>
|
||||
|
||||
- **Peer Management:**
|
||||
- Peer added by user
|
||||
- Peer added with setup key
|
||||
- Peer removed by user
|
||||
- Peer renamed
|
||||
- Peer SSH server enabled
|
||||
- Peer SSH server disabled
|
||||
- Peer login expiration enabled
|
||||
- Peer login expiration disabled
|
||||
|
||||
- **User Management:**
|
||||
- User joined
|
||||
- User invited
|
||||
- User role updated
|
||||
- User blocked
|
||||
- User unblocked
|
||||
- User deleted
|
||||
|
||||
- **Group Management:**
|
||||
- Group created
|
||||
- Group updated
|
||||
- Group deleted
|
||||
- Group added to peer
|
||||
- Group removed from peer
|
||||
- Group added to user
|
||||
- Group removed from user
|
||||
- Group added to setup key
|
||||
- Group removed from setup key
|
||||
- Group added to disabled management DNS setting
|
||||
- Group removed from disabled management DNS setting
|
||||
|
||||
- **Policy Management:**
|
||||
- Policy added
|
||||
- Policy updated
|
||||
- Policy removed
|
||||
|
||||
- **Rule Management:**
|
||||
- Rule added
|
||||
- Rule updated
|
||||
- Rule removed
|
||||
|
||||
- **Setup Key Management:**
|
||||
- Setup key created
|
||||
- Setup key updated
|
||||
- Setup key revoked
|
||||
- Setup key overused
|
||||
|
||||
- **Route Management:**
|
||||
- Route created
|
||||
- Route removed
|
||||
- Route updated
|
||||
|
||||
- **Account Management:**
|
||||
- Account created
|
||||
- Account peer login expiration duration updated
|
||||
- Account peer login expiration enabled
|
||||
- Account peer login expiration disabled
|
||||
- Account peer approval enabled
|
||||
- Account peer approval disabled
|
||||
|
||||
- **Nameserver Group Management:**
|
||||
- Nameserver group created
|
||||
- Nameserver group deleted
|
||||
- Nameserver group updated
|
||||
|
||||
- **Token Management:**
|
||||
- Personal access token created
|
||||
- Personal access token deleted
|
||||
|
||||
- **Service User Management:**
|
||||
- Service user created
|
||||
- Service user deleted
|
||||
|
||||
- **Integration Management:**
|
||||
- Integration created
|
||||
- Integration updated
|
||||
- Integration deleted
|
||||
|
||||
- **Other Events:**
|
||||
- Transferred owner role
|
||||
- Posture check created
|
||||
- Posture check updated
|
||||
- Posture check deleted
|
||||
- User logged in peer
|
||||
- Peer login expired
|
||||
- Dashboard login
|
||||
|
||||
</details>
|
||||
|
||||
Future versions will also support connection events that occur in NetBird agents (e.g., peer A connected to peer B).
|
||||
|
||||
<Note>
|
||||
The `unknown`name or `unknown@unknown.com` e-mail address.
|
||||
In the activity event store, the system keeps the deleted user information encrypted. If the encryption key has been corrupted or lost,
|
||||
then the events returned by the API could show as `unknown@unknown.com` for the e-mail address field and as `unknown` for the name field.
|
||||
If the configuration files have been generated by the `configure.sh` script, you can find the previous encryption key in
|
||||
the backup files in the same folder as the script. Look for the <b>DataStoreEncryptionKey</b> field in the `management.json` backup file.
|
||||
The `unknown` name or `unknown@unknown.com` email address may be displayed in the activity event store if the encryption key has been corrupted or lost. This issue is most relevant for self-hosted setups. In this case, the events returned by the API could show `unknown@unknown.com` for the email address field and `unknown` for the name field.
|
||||
|
||||
If the configuration files have been generated by the `configure.sh` script, you can find the previous encryption key in the backup files in the same folder as the script. Look for the <b>DataStoreEncryptionKey</b> field in the `management.json` backup file.
|
||||
</Note>
|
||||
|
||||
## Enable activity event streaming to SIEM systems
|
||||
## Enable Activity Event Streaming to SIEM Systems
|
||||
|
||||
NetBird can stream activity events to your Security Information and Event Management (SIEM) system in real-time.
|
||||
With this feature enabled you can monitor and analyze NetBird network changes in your SIEM system.
|
||||
Check the [integrations guide](/how-to/activity-event-streaming) for more information about the supported integrations and
|
||||
how to enable them.
|
||||
NetBird can stream activity events to your Security Information and Event Management (SIEM) system in real-time. With this feature enabled, you can monitor and analyze NetBird network changes within your SIEM infrastructure. Check the [integrations guide](/how-to/activity-event-streaming) for more information about the supported integrations and how to enable them.
|
||||
|
||||
## Get Started
|
||||
|
||||
## Get started
|
||||
<p float="center" >
|
||||
<Button name="button" className="button-5" onClick={() => window.open("https://netbird.io/pricing")}>Use NetBird</Button>
|
||||
</p>
|
||||
|
||||
Reference in New Issue
Block a user