-
Notifications
You must be signed in to change notification settings - Fork 44
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
0592157
commit 57b7bfb
Showing
1 changed file
with
106 additions
and
22 deletions.
There are no files selected for viewing
128 changes: 106 additions & 22 deletions
128
src/pages/how-to/monitor-system-and-network-activity.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,39 +1,123 @@ | ||
| # Monitor System and Network Activity | ||
|
|
||
| # Monitor system and network activity | ||
| The activity monitoring functionality in NetBird allows you to observe and track changes to your network infrastructure. This includes events such as when a new machine or user has joined your network, when access control policies have been modified, and many other key network activities. | ||
|
|
||
| The activity monitoring feature lets you quickly see what's happening with your network. | ||
| Whether a new machine or user joined your network or the access control policy has been modified, the activity log allows you to track the changes to your network. | ||
| ## Access the Activity Monitoring View | ||
|
|
||
| ## Access activity monitoring view | ||
|
|
||
| Activity monitoring is enabled by default for every network, and you can access it in the web UI under the [Activity tab](https://app.netbird.io/activity). | ||
| You can also use the search bar to filter events by activity type. | ||
| The activity monitoring feature is enabled by default for every NetBird network. You can access the activity log in the web UI under the [Activity tab](https://app.netbird.io/activity). This view provides a centralized log of network events. You can use the search bar to search by activity name, and apply filters for timeframes, event types, and users. | ||
|
|
||
| <p> | ||
| <img src="/docs-static/img/how-to-guides/activity-monitoring.webp" alt="activity-monitoring" className="imagewrapper-big"/> | ||
| </p> | ||
|
|
||
| <Note> | ||
| The current version of NetBird tracks network changes that occur in the Management server. E.g., changes related to the list of peers, groups, system settings, setup keys, access control, etc. | ||
| The future versions will support connection events that occur in NetBird agents (e.g., peer A connected to peer B). | ||
| </Note> | ||
| The current version of NetBird tracks a wide range of network changes that occur in the Management server, such as modifications to peers, groups, system settings, setup keys, and access control policies. | ||
|
|
||
| <details> | ||
| <summary>Click here to view the full list of tracked events</summary> | ||
|
|
||
| - **Peer Management:** | ||
| - Peer added by user | ||
| - Peer added with setup key | ||
| - Peer removed by user | ||
| - Peer renamed | ||
| - Peer SSH server enabled | ||
| - Peer SSH server disabled | ||
| - Peer login expiration enabled | ||
| - Peer login expiration disabled | ||
|
|
||
| - **User Management:** | ||
| - User joined | ||
| - User invited | ||
| - User role updated | ||
| - User blocked | ||
| - User unblocked | ||
| - User deleted | ||
|
|
||
| - **Group Management:** | ||
| - Group created | ||
| - Group updated | ||
| - Group deleted | ||
| - Group added to peer | ||
| - Group removed from peer | ||
| - Group added to user | ||
| - Group removed from user | ||
| - Group added to setup key | ||
| - Group removed from setup key | ||
| - Group added to disabled management DNS setting | ||
| - Group removed from disabled management DNS setting | ||
|
|
||
| - **Policy Management:** | ||
| - Policy added | ||
| - Policy updated | ||
| - Policy removed | ||
|
|
||
| - **Rule Management:** | ||
| - Rule added | ||
| - Rule updated | ||
| - Rule removed | ||
|
|
||
| - **Setup Key Management:** | ||
| - Setup key created | ||
| - Setup key updated | ||
| - Setup key revoked | ||
| - Setup key overused | ||
|
|
||
| - **Route Management:** | ||
| - Route created | ||
| - Route removed | ||
| - Route updated | ||
|
|
||
| - **Account Management:** | ||
| - Account created | ||
| - Account peer login expiration duration updated | ||
| - Account peer login expiration enabled | ||
| - Account peer login expiration disabled | ||
| - Account peer approval enabled | ||
| - Account peer approval disabled | ||
|
|
||
| - **Nameserver Group Management:** | ||
| - Nameserver group created | ||
| - Nameserver group deleted | ||
| - Nameserver group updated | ||
|
|
||
| - **Token Management:** | ||
| - Personal access token created | ||
| - Personal access token deleted | ||
|
|
||
| - **Service User Management:** | ||
| - Service user created | ||
| - Service user deleted | ||
|
|
||
| - **Integration Management:** | ||
| - Integration created | ||
| - Integration updated | ||
| - Integration deleted | ||
|
|
||
| - **Other Events:** | ||
| - Transferred owner role | ||
| - Posture check created | ||
| - Posture check updated | ||
| - Posture check deleted | ||
| - User logged in peer | ||
| - Peer login expired | ||
| - Dashboard login | ||
|
|
||
| </details> | ||
|
|
||
| Future versions will also support connection events that occur in NetBird agents (e.g., peer A connected to peer B). | ||
|
|
||
| <Note> | ||
| The `unknown`name or `[email protected]` e-mail address. | ||
| In the activity event store, the system keeps the deleted user information encrypted. If the encryption key has been corrupted or lost, | ||
| then the events returned by the API could show as `[email protected]` for the e-mail address field and as `unknown` for the name field. | ||
| If the configuration files have been generated by the `configure.sh` script, you can find the previous encryption key in | ||
| the backup files in the same folder as the script. Look for the <b>DataStoreEncryptionKey</b> field in the `management.json` backup file. | ||
| The `unknown` name or `[email protected]` email address may be displayed in the activity event store if the encryption key has been corrupted or lost. This issue is most relevant for self-hosted setups. In this case, the events returned by the API could show `[email protected]` for the email address field and `unknown` for the name field. | ||
|
|
||
| If the configuration files have been generated by the `configure.sh` script, you can find the previous encryption key in the backup files in the same folder as the script. Look for the <b>DataStoreEncryptionKey</b> field in the `management.json` backup file. | ||
| </Note> | ||
|
|
||
| ## Enable activity event streaming to SIEM systems | ||
| ## Enable Activity Event Streaming to SIEM Systems | ||
|
|
||
| NetBird can stream activity events to your Security Information and Event Management (SIEM) system in real-time. With this feature enabled, you can monitor and analyze NetBird network changes within your SIEM infrastructure. Check the [integrations guide](/how-to/activity-event-streaming) for more information about the supported integrations and how to enable them. | ||
|
|
||
| NetBird can stream activity events to your Security Information and Event Management (SIEM) system in real-time. | ||
| With this feature enabled you can monitor and analyze NetBird network changes in your SIEM system. | ||
| Check the [integrations guide](/how-to/activity-event-streaming) for more information about the supported integrations and | ||
| how to enable them. | ||
| ## Get Started | ||
|
|
||
| ## Get started | ||
| <p float="center" > | ||
| <Button name="button" className="button-5" onClick={() => window.open("https://netbird.io/pricing")}>Use NetBird</Button> | ||
| </p> | ||
|
|
||