[management] Network traffic events docs (#291)

* Rename Network Activity Logging to Audit Activity Logging Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * refactor the audit events doc Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add management traffic event doc Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Update audit events logging image Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Update event streaming image Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Update src/pages/how-to/traffic-events-logging.mdx Co-authored-by: Misha Bragin <bangvalo@gmail.com> * Update src/pages/how-to/traffic-events-logging.mdx Co-authored-by: Misha Bragin <bangvalo@gmail.com> * Update src/pages/how-to/traffic-events-logging.mdx Co-authored-by: Misha Bragin <bangvalo@gmail.com> * Update docs to clarify feature availability Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * add link --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Misha Bragin <bangvalo@gmail.com> Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2026-05-02 23:36:35 +00:00 · 2025-03-23 16:17:58 +03:00
parent 94a6853ce9
commit 7507b931d5
7 changed files with 54 additions and 8 deletions
--- a/src/pages/how-to/audit-events-logging.mdx
+++ b/src/pages/how-to/audit-events-logging.mdx
@@ -0,0 +1,136 @@
+# Audit Events Logging
+
+The Audit events logging functionality in NetBird allows you to observe and track changes to your network infrastructure.
+This includes events such as when a new machine or user has joined your network, when access control policies have been modified,
+and many other key network events.
+
+## Related Video Content
+
+To get started with event logging in NetBird, watch this introductory video:
+
+<iframe width="560" height="315" src="https://www.youtube.com/embed/UlnMo1KYXPU?si=JdzEr9v2EZHlP7lc" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
+
+
+## Access the Audit Events Logging View
+The audit events logging feature is enabled by default for every NetBird network. You can access the activity log in the web UI under the [Audit Events tab](https://app.netbird.io/events/audit). This view provides a centralized log of network events. You can use the search bar to search by activity name, and apply filters for timeframes, event types, and users.
+
+<p>
+    <img src="/docs-static/img/how-to-guides/activity-monitoring.png" alt="activity-monitoring" className="imagewrapper-big"/>
+</p>
+
+The current version of NetBird tracks a wide range of network changes that occur in the Management server, such as modifications to peers, groups, system settings, setup keys, and access control policies.
+
+<details>
+  <summary>Click here to view the full list of tracked events</summary>
+
+  - **Peer Management:** 
+    - Peer added by user
+    - Peer added with setup key
+    - Peer removed by user
+    - Peer renamed
+    - Peer SSH server enabled
+    - Peer SSH server disabled
+    - Peer login expiration enabled
+    - Peer login expiration disabled
+
+  - **User Management:** 
+    - User joined
+    - User invited
+    - User role updated
+    - User blocked
+    - User unblocked
+    - User deleted
+
+  - **Group Management:** 
+    - Group created
+    - Group updated
+    - Group deleted
+    - Group added to peer
+    - Group removed from peer
+    - Group added to user
+    - Group removed from user
+    - Group added to setup key
+    - Group removed from setup key
+    - Group added to disabled management DNS setting
+    - Group removed from disabled management DNS setting
+
+  - **Policy Management:** 
+    - Policy added
+    - Policy updated
+    - Policy removed
+
+  - **Rule Management:** 
+    - Rule added
+    - Rule updated
+    - Rule removed
+
+  - **Setup Key Management:** 
+    - Setup key created
+    - Setup key updated
+    - Setup key revoked
+    - Setup key overused
+
+  - **Route Management:** 
+    - Route created
+    - Route removed
+    - Route updated
+
+  - **Account Management:** 
+    - Account created
+    - Account peer login expiration duration updated
+    - Account peer login expiration enabled
+    - Account peer login expiration disabled
+    - Account peer approval enabled
+    - Account peer approval disabled
+
+  - **Nameserver Group Management:** 
+    - Nameserver group created
+    - Nameserver group deleted
+    - Nameserver group updated
+
+  - **Token Management:** 
+    - Personal access token created
+    - Personal access token deleted
+
+  - **Service User Management:** 
+    - Service user created
+    - Service user deleted
+
+  - **Integration Management:** 
+    - Integration created
+    - Integration updated
+    - Integration deleted
+
+  - **Other Events:** 
+    - Transferred owner role
+    - Posture check created
+    - Posture check updated
+    - Posture check deleted
+    - User logged in peer
+    - Peer login expired
+    - Dashboard login
+
+</details>
+
+Future versions will also support connection events that occur in NetBird agents (e.g., peer A connected to peer B).
+
+<Note>
+    The `unknown` name or `unknown@unknown.com` email address may be displayed in the activity event store if the encryption key has been corrupted or lost. This issue is most relevant for self-hosted setups. In this case, the events returned by the API could show `unknown@unknown.com` for the email address field and `unknown` for the name field.
+    
+    If the configuration files have been generated by the `configure.sh` script, you can find the previous encryption key in the backup files in the same folder as the script. Look for the <b>DataStoreEncryptionKey</b> field in the `management.json` backup file.
+</Note>
+
+## Enable Audit Events Streaming to SIEM Systems
+
+NetBird can stream audit events to your Security Information and Event Management (SIEM) system in real-time. With this feature enabled, you can monitor and analyze NetBird network changes within your SIEM infrastructure. Check the [integrations guide](/how-to/activity-event-streaming) for more information about the supported integrations and how to enable them.
+
+## Get Started
+
+<p float="center" >
+    <Button name="button" className="button-5" onClick={() => window.open("https://netbird.io/pricing")}>Use NetBird</Button>
+</p>
+
+- Make sure to [star us on GitHub](https://github.com/netbirdio/netbird)
+- Follow us [on Twitter](https://twitter.com/netbird)
+- Join our [Slack Channel](https://join.slack.com/t/netbirdio/shared_invite/zt-31rofwmxc-27akKd0Le0vyRpBcwXkP0g)
+- NetBird [latest release](https://github.com/netbirdio/netbird/releases) on GitHub