How-To: Export your RADIUS Logs to Datadog

EZRADIUS enables your security team to monitor critical user actions by pushing the information to your SIEM. In this page we will show you how to connect your RADIUS logs to Datadog.

Prerequisites

How To Export Your Cloud RADIUS Audit Logs To Datadog

How To Enable Log Export in EZRADIUS Portal

  1. Go to your EZRADIUS Portal.

  2. Click on Settings.

    EZRADIUS Settings

  3. Scroll down to SIEM Settings and enable the Send Audit Logs to SIEM option.

    EZRADIUS Send Audit Logs to SIEM checkbox

How To Configure the Datadog Exporter in the Datadog Portal

  1. In another tab, go to the Datadog Logs API docs: Datadog Docs.

  2. Look on the top right and check that you have the correct Datadog site selected.

    Getting HTTP endpoint from Datadog Docs

  3. Select the correct site, then copy the corresponding URL.

    Finding HTTP endpoint from Datadog Docs

  4. Now go to your Datadog Instance. Here you will find your personal settings.

    Datadog account menu and user settings

  5. Hover over your username and click the API Keys option.

    Datadog API keys tab in user settings

  6. Then click the + New Key button

    Datadog API keys page with + New Key button

  7. Give your key a name and click on the Create Key button

    Datadog dialog to name and create a new API key

  8. Copy your key and hit the Finish button.

    Datadog screen showing newly created API key ready to copy

How To Configure the Datadog SIEM in EZRADIUS Portal

  1. Now go back to the EZRADIUS Portal.

  2. Select Datadog as the SIEM Provider.

    Set Datadog as the SIEM in EZRADIUS

  3. Input the values that you copied from the Datadog portals. Then, click Test Connection. This will create a test log in your Datadog SIEM (please allow a few minutes for the log to show up in the Datadog portal).

    Datadog Paste Values and Test Connection

  4. If the connection test is successful, click Save changes

    EZRADIUS Settings Save Changes

  5. EZRADIUS will now send your security alerts to your SIEM. If an error occurs it will email your subscription administrators. See below to see the different events EZRADIUS will send.

How To Create Alerts in Datadog to Monitor Your Cloud RADIUS Activity

Using a SIEM enables you to create alerts for critical operations or abnormal behavior. We recommend setting up alerts for any high criticality event, and closely monitor medium and low events. Below are sample queries for the Administrator events.

service:EZRadius @event_type:EZRadiusAdministrator @Action:SubscriptionUpdated