Forwarding Centrify Event Logs to VMware Log Insight using REST API

If you use both Centrify and VMware Log Insight, and need to pull event logs from Centrify into Log Insight (in near real-time), this tool is for you!

This tool queries the Centrify API for your tenant, pulling the most recent entries in the Event table (logins, application launches, configuration changes, etc.).  Then, it structures the event data into a syntax that can be imported to Log Insight, keeping event time accuracy and offering a series of structured fields to Log Insight to enable easy creation of dashboards, analytics queries, and so on.  All the good stuff that Log Insight offers.

I wrote this to be modular, and it should be relatively easy to adapt for other data sources and destinations.  So even if you are using only one of these two solutions, but trying to solve a similar problem, my code might be a starting point for you too.

Install this as a cron job, by scheduling run.sh on a 5 minute interval on some server.  You place some configuration in a config.py file, and that’s it.  Very simple.
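To illustrate the structuring step described above, here is an added sketch (not the tool's own code) that maps Centrify event rows to the JSON body accepted by Log Insight's event ingestion API, keeping the original event time and skipping rows already forwarded by an earlier cron run. The Centrify column names, the `/Date(ms)/` date encoding, the `centrify_` field prefix and the watermark approach are assumptions.

```python
import json
import re

# Assumption: Centrify returns datetimes as "/Date(<epoch ms>)/".
DATE_RE = re.compile(r"/Date\((\d+)\)/")
# Assumption: Event-table columns to expose as Log Insight fields.
FIELD_COLUMNS = ("EventType", "NormalizedUser", "FromIPAddress")


def event_time_ms(value):
    """Return epoch milliseconds from a Centrify date value, or None."""
    match = DATE_RE.fullmatch(str(value))
    return int(match.group(1)) if match else None


def to_event(row):
    """Map one Centrify row to a Log Insight event dict."""
    fields = [
        {"name": "centrify_" + col.lower(), "content": str(row[col])}
        for col in FIELD_COLUMNS
        if row.get(col) not in (None, "")
    ]
    text = " ".join(f'{f["name"]}="{f["content"]}"' for f in fields)
    event = {"text": text or "centrify event", "fields": fields}
    ts = event_time_ms(row.get("WhenOccurred"))
    if ts is not None:
        event["timestamp"] = ts  # keep the original event time
    return event


def build_payload(rows, last_seen_ms):
    """Return (JSON body, new watermark), skipping rows already forwarded."""
    events, newest = [], last_seen_ms
    for row in rows:
        ts = event_time_ms(row.get("WhenOccurred"))
        if ts is not None and ts <= last_seen_ms:
            continue  # already sent by an earlier cron run
        events.append(to_event(row))
        if ts is not None:
            newest = max(newest, ts)
    return json.dumps({"events": events}), newest


# Constructed sample rows, not real tenant data.
SAMPLE_ROWS = [
    {"WhenOccurred": "/Date(1700000000000)/", "EventType": "Cloud.Core.Login",
     "NormalizedUser": "alice@example.com", "FromIPAddress": "203.0.113.7"},
    {"WhenOccurred": "/Date(1700000300000)/", "EventType": "Cloud.Saas.Application.AppLaunch",
     "NormalizedUser": "bob@example.com", "FromIPAddress": None},
]
```

Persisting the returned watermark between runs is what keeps a 5-minute polling window from producing duplicate events in Log Insight.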
