Getting Started with Logging

The logging component of strongDM is comprised of three main aspects:

There are two places that logging can occur: on strongDM’s servers and on individual relays. Either or both can be enabled via Settings / Log Encryption & Storage in the strongDM web UI.

Logging setup

Enable either or both strongDM and relay logging at this page. The remainder of this guide describes the logging options available for each logging location.

strongDM Logging

Logging on the strongDM servers, if enabled, includes queries, captures, and activities , all of which are available in the strongDM web UI. To view these items, visit the Queries, SSH Captures, and Activities pages in the strongDM web UI. Queries, activities, and captures stored with strongDM can also be accessed via the SDM CLI. Visit the CLI Guide for more information.

The only logging option under strongDM logging is whether or not to enable encryption. This option is detailed in the Log Encryption Guide.

For more information on viewing logs, queries, and captures that are stored by strongDM, visit the Using strongDM Logs guide.

Relay Logging

Unlike strongDM logging, relay logging includes only query and capture activity. When relay logging is enabled, it has three configuration options. The first, Local encryption?, is detailed in the Log Encryption Guide.

The Local storage? option lets you choose whether to log to STDOUT, a log file, a TCP port, or a local socket.

The final option, Local format?, lets you choose whether to log in CSV or JSON format.

For more information on the content of relay logs, and for tips on using them, visit the Using Relay Logs guide.