netbird-docs/src/pages/how-to/monitor-system-and-network-activity.mdx
2024-09-11 13:40:14 +02:00


# Network Activity Logging
The network activity logging functionality in NetBird allows you to observe and track changes to your network infrastructure.
This includes events such as when a new machine or user has joined your network, when access control policies have been modified,
and many other key network events.
## Related Video Content
To get started with event logging in NetBird, watch this introductory video:
<iframe width="560" height="315" src="https://www.youtube.com/embed/UlnMo1KYXPU?si=JdzEr9v2EZHlP7lc" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
## Access the Activity Logging View
The activity logging feature is enabled by default for every NetBird network. You can access the activity log in the web UI under the [Activity tab](https://app.netbird.io/activity). This view provides a centralized log of network events. You can use the search bar to search by activity name, and apply filters for timeframes, event types, and users.
<p>
<img src="/docs-static/img/how-to-guides/activity-monitoring.webp" alt="activity-monitoring" className="imagewrapper-big"/>
</p>
The current version of NetBird tracks a wide range of network changes that occur in the Management server, such as modifications to peers, groups, system settings, setup keys, and access control policies.
<details>
<summary>Click here to view the full list of tracked events</summary>
- **Peer Management:**
  - Peer added by user
  - Peer added with setup key
  - Peer removed by user
  - Peer renamed
  - Peer SSH server enabled
  - Peer SSH server disabled
  - Peer login expiration enabled
  - Peer login expiration disabled
- **User Management:**
  - User joined
  - User invited
  - User role updated
  - User blocked
  - User unblocked
  - User deleted
- **Group Management:**
  - Group created
  - Group updated
  - Group deleted
  - Group added to peer
  - Group removed from peer
  - Group added to user
  - Group removed from user
  - Group added to setup key
  - Group removed from setup key
  - Group added to disabled management DNS setting
  - Group removed from disabled management DNS setting
- **Policy Management:**
  - Policy added
  - Policy updated
  - Policy removed
- **Rule Management:**
  - Rule added
  - Rule updated
  - Rule removed
- **Setup Key Management:**
  - Setup key created
  - Setup key updated
  - Setup key revoked
  - Setup key overused
- **Route Management:**
  - Route created
  - Route removed
  - Route updated
- **Account Management:**
  - Account created
  - Account peer login expiration duration updated
  - Account peer login expiration enabled
  - Account peer login expiration disabled
  - Account peer approval enabled
  - Account peer approval disabled
- **Nameserver Group Management:**
  - Nameserver group created
  - Nameserver group deleted
  - Nameserver group updated
- **Token Management:**
  - Personal access token created
  - Personal access token deleted
- **Service User Management:**
  - Service user created
  - Service user deleted
- **Integration Management:**
  - Integration created
  - Integration updated
  - Integration deleted
- **Other Events:**
  - Transferred owner role
  - Posture check created
  - Posture check updated
  - Posture check deleted
  - User logged in peer
  - Peer login expired
  - Dashboard login
</details>
Future versions will also support connection events that occur in NetBird agents (e.g., peer A connected to peer B).
<Note>
The `unknown` name or `unknown@unknown.com` email address may be displayed in the activity event store if the encryption key has been corrupted or lost. This issue is most relevant for self-hosted setups. In this case, the events returned by the API could show `unknown@unknown.com` for the email address field and `unknown` for the name field.
If the configuration files have been generated by the `configure.sh` script, you can find the previous encryption key in the backup files in the same folder as the script. Look for the <b>DataStoreEncryptionKey</b> field in the `management.json` backup file.
</Note>
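
The following Python script is an added example, not part of the NetBird documentation or code base. It triages an exported list of activity events by flagging security-relevant activity names from the list above and counting events whose initiator shows the `unknown` / `unknown@unknown.com` placeholders described in the note. The field names (`timestamp`, `activity`, `initiator_name`, `initiator_email`), the choice of high-risk activities, and the sample events are assumptions of this example.

```python
# Added example: triage an exported list of NetBird activity events.
# Field names and the HIGH_RISK selection are assumptions of this example.

# Activity names copied verbatim from the tracked-events list on this page.
HIGH_RISK = {
    "Setup key overused",
    "User role updated",
    "Transferred owner role",
    "Personal access token created",
    "Peer SSH server enabled",
    "Account peer approval disabled",
    "Peer login expiration disabled",
    "Policy removed",
}
# Placeholders shown when the event store encryption key is lost or corrupted.
PLACEHOLDER_NAME, PLACEHOLDER_EMAIL = "unknown", "unknown@unknown.com"

def ev(ts, activity, name, email):
    return {"timestamp": ts, "activity": activity,
            "initiator_name": name, "initiator_email": email}

# Constructed sample data, not real NetBird output.
SAMPLE_EVENTS = [
    ev("2024-09-10T08:00:00Z", "Peer added with setup key", "Alice Example", "alice@example.com"),
    ev("2024-09-10T08:05:00Z", "Setup key overused", "Alice Example", "alice@example.com"),
    ev("2024-09-10T09:00:00Z", "User role updated", "unknown", "unknown@unknown.com"),
    ev("2024-09-10T09:30:00Z", "Group created", "unknown", "unknown@unknown.com"),
    ev("2024-09-10T10:00:00Z", "Personal access token created", "Bob Example", "bob@example.com"),
]

def triage(events):
    """Return (alerts, masked_count): high-risk events and how many events lost their initiator."""
    alerts, masked_count = [], 0
    for e in events:
        masked = (e.get("initiator_name") == PLACEHOLDER_NAME
                  or e.get("initiator_email") == PLACEHOLDER_EMAIL)
        masked_count += masked
        if e.get("activity") in HIGH_RISK:
            who = "<identity unavailable>" if masked else e.get("initiator_email", "")
            alerts.append((e["timestamp"], e["activity"], who))
    return sorted(alerts), masked_count

if __name__ == "__main__":
    alerts, masked_count = triage(SAMPLE_EVENTS)
    for ts, activity, who in alerts:
        print(f"{ts}  {activity:<32} {who}")
    if masked_count:
        print(f"{masked_count} event(s) show placeholder identity: check DataStoreEncryptionKey")
```

A non-zero placeholder count means some alerts cannot be attributed to a user until the encryption key is restored.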
## Enable Activity Event Streaming to SIEM Systems
NetBird can stream activity events to your Security Information and Event Management (SIEM) system in real-time. With this feature enabled, you can monitor and analyze NetBird network changes within your SIEM infrastructure. Check the [integrations guide](/how-to/activity-event-streaming) for more information about the supported integrations and how to enable them.
## Get Started
<p float="center" >
<Button name="button" className="button-5" onClick={() => window.open("https://netbird.io/pricing")}>Use NetBird</Button>
</p>
- Make sure to [star us on GitHub](https://github.com/netbirdio/netbird)
- Follow us [on Twitter](https://twitter.com/netbird)
- Join our [Slack Channel](https://join.slack.com/t/netbirdio/shared_invite/zt-2p5zwhm4g-8fHollzrQa5y4PZF5AEpvQ)
- NetBird [latest release](https://github.com/netbirdio/netbird/releases) on GitHub