Dominic R
7bdbfade30
* website/docs: add Splunk event forwarding docs Add Splunk HEC event forwarding under system event docs and keep the Splunk integration guide focused on SAML. Closes: #22223 Agent-thread: https://sdko.org/internal/thr/ak/019ea8d4-d4e4-7fc3-b3b6-aa8a16bd8d40 A7k-product: product A7k-product-repo: 3 Co-authored-by: Agent <agent@svc.sdko.net> * website/docs: move Splunk event forwarding guide Move the Splunk event forwarding guide into integrations and add an Events log forwarding overview that links to it. Agent-thread: https://sdko.org/internal/thr/ak/019eb29e-1b34-7681-b887-e03907dac184 A7k-product: product A7k-product-repo: 3 Co-authored-by: Agent <agent@svc.sdko.net> * website/integrations: remove Splunk HEC port Use the generic splunk.company HEC endpoint in the Splunk event forwarding guide instead of hardcoding a deployment-specific port. Agent-thread: https://sdko.org/internal/thr/ak/019eb29e-1b34-7681-b887-e03907dac184 A7k-product: product A7k-product-repo: 3 Co-authored-by: Agent <agent@svc.sdko.net> * Update website/docs/sys-mgmt/events/log-forwarding.mdx Signed-off-by: Dewi Roberts <dewi@goauthentik.io> --------- Signed-off-by: Dewi Roberts <dewi@goauthentik.io> Co-authored-by: Agent <agent@svc.sdko.net> Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
1.4 KiB
title
| title |
|---|
| Events |
Events are authentik's built-in logging system. Every event is logged, whether it is initiated by a user or by authentik.
Certain information is stripped from events to ensure that no passwords or other credentials are saved in the log.
About notifications
Events can be used to define notification rules, with specified transport options of either local (shown in the authentik UI), email, or webhook.
About logging
Event logging in authentik provides several layers of transparency about user and system actions, from a quick view on the Overview dashboard, to a full, searchable list of all events, with a volume graph to highlight any spikes, in the Admin interface under Events > Logs.
Refer to our Logging documentation for more information.
Event retention and forwarding
The event retention setting is configured in the System > Settings area of the Admin interface, with the default being set to 365 days.
If you want to forward these events to another application, forward the log output of all authentik containers. Every event creation is logged with the log level "info". For this configuration, it is also recommended to set the internal retention time period to a short time frame (for example, days=1).
If you want to forward authentik events to another system, see Log forwarding.