How-To: Export EZSSH Logs to Kafka

Learn how to monitor your SSH access requests by sending all security logs to your Kafka SIEM provider.

Prerequisites

  1. Registering the application in your tenant
  2. Selecting a Plan

How To Export Your EZSSH Audit Logs To Kafka

How To Enable Log Export in EZSSH Portal

  1. Go to the EZSSH Portal.

  2. Click on Settings.

    [Screenshot: EZSSH Agentless JIT Access portal dashboard with the Settings item highlighted in the left navigation sidebar]

  3. Expand your subscription’s Advanced Settings.

    [Screenshot: EZSSH Agentless JIT Access subscription settings page showing the Advanced Settings section with the expand arrow highlighted]

  4. Enable the Send Audit Logs to SIEM option.

    [Screenshot: EZSSH Agentless JIT Access Advanced Settings panel with the Send Audit Logs to SIEM checkbox highlighted]

How To Configure the Kafka Exporter in the Kafka Portal

  1. Open your Kafka instance in another window.

  2. Identify your Kafka topic name and note it down.

  3. Verify authentication support:
    Ensure your Kafka server supports Plaintext SASL Authentication.

  4. Gather credentials:
    Note the SASL username and password required for authentication.
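
An added example, not part of the EZSSH documentation: one way to prepare the Kafka side with the stock Apache Kafka CLI tools, so that the account whose password is pasted into the EZSSH portal can only write to the audit topic, and to confirm that the test log from the later Test Connection step arrived. It assumes ACL authorization is enabled on the broker and that a TLS listener (SASL_SSL) is available; the host, topic, account and file names in the comments are placeholders.

```shell
#!/bin/sh
# Added example. Names in the usage comments (kafka.example.internal, ezssh-audit,
# ezssh-exporter, *.properties) are placeholders, not values from EZSSH.

# Write a client config for the Kafka CLI tools, readable only by its owner.
# PROTOCOL defaults to SASL_SSL; with SASL_PLAINTEXT the PLAIN username and
# password cross the network unencrypted. Assumes no '"' in the password.
# usage: write_client_props FILE USER PASSWORD [PROTOCOL]
write_client_props() {
  props_file=$1; sasl_user=$2; sasl_pass=$3; protocol=${4:-SASL_SSL}
  ( umask 077
    cat > "$props_file" <<EOF
security.protocol=$protocol
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="$sasl_user" password="$sasl_pass";
EOF
  )
  chmod 600 "$props_file"
}

# Allow the exporter account to produce to one topic and nothing else.
# Only effective when an authorizer is configured on the broker (assumption).
# usage: grant_write_only BOOTSTRAP ADMIN_PROPS USER TOPIC
grant_write_only() {
  kafka-acls.sh --bootstrap-server "$1" --command-config "$2" \
    --add --allow-principal "User:$3" \
    --operation Write --operation Describe --topic "$4"
}

# Authenticate as the exporter account and list the topics it can see.
# A failure here means SASL/PLAIN or the credentials are wrong.
# usage: visible_topics BOOTSTRAP EXPORTER_PROPS
visible_topics() {
  kafka-topics.sh --bootstrap-server "$1" --command-config "$2" --list
}

# Read one record from the audit topic using a separate account with Read access.
# usage: confirm_test_log BOOTSTRAP READER_PROPS TOPIC
confirm_test_log() {
  kafka-console-consumer.sh --bootstrap-server "$1" --consumer.config "$2" \
    --topic "$3" --from-beginning --max-messages 1 --timeout-ms 30000
}

# Typical run (admin.properties and reader.properties are existing privileged configs):
#   write_client_props exporter.properties ezssh-exporter "$EXPORTER_PASSWORD"
#   grant_write_only kafka.example.internal:9093 admin.properties ezssh-exporter ezssh-audit
#   visible_topics   kafka.example.internal:9093 exporter.properties  # expect only ezssh-audit
#   confirm_test_log kafka.example.internal:9093 reader.properties ezssh-audit
```

If visible_topics shows more than the audit topic, the exporter account holds broader rights than the export needs.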

How To Configure the Kafka SIEM in EZSSH Portal

  1. Now go back to the EZSSH Portal.

  2. Select Kafka as the SIEM Provider.

    [Screenshot: Set Kafka as the SIEM in EZSSH]

  3. Input the values that you copied from the Kafka portal. Then, click Test Connection. This will create a test log in your Kafka SIEM (please allow a few minutes for the log to show up in the Kafka portal).

    [Screenshot: Kafka Paste Values and Test Connection]

  4. If the connection test is successful, click Save Changes.

    [Screenshot: EZSSH Settings Save Changes]

  5. EZSSH will now send your security alerts to your SIEM. If an error occurs, EZSSH will email your subscription administrators. The events EZSSH sends are listed below.