ekampf
commented
1 year ago Hey @prestonr83,
Since you're using the connector's docker image collecting logs is much simpler.
You need to make sure you have Connector Realtime logs enabled (https://www.twingate.com/docs/connector-real-time-logs) - add a TWINGATE_LOG_ANALYTICS to .Values.env - and connection logs will appear in your pod's STDOUT.
You can then use Vector\Filebeat\etc. daemon to collect and process these logs.
We do want to have explicit support for TWINGATE_LOG_ANALYTICS - not via .Values.env - so I'm keeping this issue open for that and will add that functionality soon.
I'd like to log data to Prometheus and according to your docs you support using Vector to push journald to Prometheus. Could you add support for Vector into the connector image and helm chart? https://www.twingate.com/docs/siem-guide#vector