unable to find role to forward activity log

jalogisch
Community Member

We read the blog post about sending the activity logs to Splunk and have some kind of audit log available ( https://blog.agilebits.com/2018/05/11/1password-splunk/ ). Now we would like to try this on our own and started to create a user that is able to read the activity log that is described here ( https://support.1password.com/activity-log/ ), but we are not able to find the role that needs to be added.

Is this maybe beta or not yet published?

It would be great if the ability to forward the activity log to some kind of log management solution would be made as easy as possible, because it is essential to have all data in a central place for a security-aware company.



Comments

  • Hi @jalogisch,

    This should be available to anyone using 1Password Teams Pro or 1Password Business. The role you need to give the custom group is "View Admin Console." That will allow a user that's in that custom group to view the activity log and fetch them via the command line tool.

    > It would be great if the ability to forward the activity log to some kind of log management solution would be made as easy as possible.

    I agree, and we've been talking internally about how we could take this to the next level both from the ease of use perspective and from a power perspective.

    I hope this helps.

    Rick

  • jalogisch
    Community Member

    Thank you for that hint @rickfillion

    I'll look into this and try to make this work for us.

    Maybe it would be useful to provide them with a protocol that can work with TLS without a problem. Beats or GELF, just to name two possible options.

  • > Maybe it would be useful to provide them with a protocol that can work with TLS without a problem. Beats or GELF, just to name two possible options.

    I'm not sure what you mean by this. Could you elaborate?

    Thanks

    Rick

  • jalogisch
    Community Member

    Hej Rick,

    Sorry, I'm deep in the field of log processing and management and forget that you might need a little more information on that.

    When you want to deliver your logs over the public network (what would happen if you create the option to enable audit log forwarding), that should be secured by transport. Syslog, for example, does not allow that; only specific modifications can work with TLS.

    Thinking about this, for you it would be the easiest to make a little "transport" daemon that can be located anywhere but connects to your API to get the information and writes that somewhere. Maybe creating a beat ( https://www.elastic.co/products/beats ) that reads only the 1Password audit log and then forwards it would be the most useful.

    If you like to chat about those possible options, just drop me a note (I'm working for Graylog ( https://www.graylog.org/ )) and we can talk.

    regards
    Jan
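
The forwarding half of the "transport" daemon described in the post above, as an added example that is not part of the original thread and is not 1Password or Graylog code: it maps activity events to GELF 1.1 and ships them over TCP with TLS, verifying the receiver's certificate. The event field names, the sample events and the source name are constructed assumptions, and fetching the events from 1Password is left out.

```python
import json
import socket
import ssl

# Constructed sample events; the field names are assumptions, not 1Password's schema.
SAMPLE_EVENTS = [
    {"id": 1001, "time": 1526040000.0, "actor": "alice@example.com",
     "action": "view", "object": "vault:Finance"},
    {"id": 1002, "time": 1526040060.5, "actor": "bob@example.com",
     "action": "grant", "object": "group:Auditors"},
]

def to_gelf(event, source="op-activity-forwarder"):
    """Map one activity event to a GELF 1.1 message (plain dict)."""
    msg = {
        "version": "1.1",
        "host": source,  # hypothetical source name shown in the log platform
        "short_message": f"{event['actor']} {event['action']} {event['object']}",
        "timestamp": event["time"],
        "level": 6,  # syslog "informational"
    }
    for key, value in event.items():
        if key == "time":
            continue
        # GELF additional fields carry a leading underscore; "_id" is reserved.
        name = "_event_id" if key == "id" else "_" + key
        msg[name] = value
    return msg

def frame(msg):
    """GELF over TCP framing: one compact JSON document ended by a null byte."""
    return json.dumps(msg, separators=(",", ":")).encode("utf-8") + b"\x00"

def tls_context(ca_file=None):
    """Client context that verifies the certificate chain and the hostname."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def forward(events, host, port, ca_file=None):
    """Send events to a GELF TCP input with TLS enabled; returns the count sent."""
    ctx = tls_context(ca_file)
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            for event in events:
                tls.sendall(frame(to_gelf(event)))
    return len(events)
```

Pass `ca_file` when the log receiver uses a certificate from a private CA; certificate and hostname verification stay enabled either way.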

  • Beats is interesting, I hadn't heard of that before. Thanks.

    Rick

This discussion has been closed.