Logs

This section covers the logs under four main headings: Client Logs, System Logs, Access Logs, and Access Control Logs. These are the detailed logs of Keycyte PAM, and Keycyte PAM can send them to applications such as a SIEM or log collector via syslog over TCP or UDP.

Client Logs

In the Client Logs section, detailed records of connection attempts made by users when accessing servers are displayed. These logs are organized in Date Time, Username, Category, Severity, and Message columns. The system records connection failures and error conditions in real-time.

ERROR levels in the Severity column indicate failed connection attempts. These records include different error types such as "Connection timed out", "Target server not found", and "Session conflict occurred". The Message column details the protocol type (RDP, SSH, VNC, WEBAPP), target server IP address, and account information used.

Client logs are critically important for detecting and resolving technical problems encountered by users. They also provide important data for monitoring suspicious connection attempts and detecting security breaches.

System Logs

In the System Logs section, comprehensive records of operations performed in Keycyte PAM's admin interface are located. These logs are detailed in Date Time, Username, Category, Severity, Type, and Message columns. In the Username field, Keycyte PAM continuously records which account an administrator used to log into the admin interface, along with the management interface operations they performed.

Different system module operations such as "passwordvault" and "servermanager" are displayed in the Category column. Specific operation types such as "passwordcopy", "changepassword", "verifypassword" are specified in the Type column. The Severity level is divided into INFO and ERROR, with successful operations recorded as INFO and failed operations as ERROR.

Operations and possible error conditions are clearly indicated in the Message column. These logs provide valuable data for monitoring system health and performance optimization.

Access Logs

In the Access Logs section, detailed records of authentication processes of users logging into the Keycyte PAM interface are found. These logs are organized in Date Time, Username, Client Address, Method, Type, and Message columns. The system records all login attempts as successful or failed.

Both local users (master) and domain users (teamco@teamco.local) are displayed in the Username column. The Client Address column shows users' IP address information, and the Method column indicates authentication methods (keycyte, ldap). Admin and client access types are separated in the Type column and classified according to user levels.

All successful logins are recorded as "Authentication Success" in the Message column. These logs are critically important for monitoring user activities, detecting unauthorized access attempts, and conducting security audits.
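One way to use the Access Logs for detecting unauthorized access attempts, shown as an added example that is not part of Keycyte PAM or its documentation. It assumes the records are available as CSV with the column names listed above; the CSV layout, timestamp format, threshold, window, and the "Authentication Failed" text are constructed assumptions, and any Message other than "Authentication Success" is treated as a failed login.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rows using the Access Logs columns; the CSV layout,
# timestamp format and the failure message text are assumptions.
SAMPLE = """Date Time,Username,Client Address,Method,Type,Message
2024-05-01 09:00:01,master,10.0.0.5,keycyte,admin,Authentication Success
2024-05-01 09:10:00,teamco@teamco.local,10.0.0.9,ldap,client,Authentication Failed
2024-05-01 09:10:20,teamco@teamco.local,10.0.0.9,ldap,client,Authentication Failed
2024-05-01 09:10:41,master,10.0.0.9,keycyte,admin,Authentication Failed
2024-05-01 09:11:05,master,10.0.0.9,keycyte,admin,Authentication Success
2024-05-01 11:00:00,teamco@teamco.local,10.0.0.7,ldap,client,Authentication Failed
"""

SUCCESS = "Authentication Success"  # the only message text the page documents


def find_alerts(text, threshold=3, window=timedelta(minutes=5)):
    """Return alerts for failure bursts per Client Address, and for a
    success that directly follows such a burst from the same address."""
    rows = sorted(csv.DictReader(io.StringIO(text)), key=lambda r: r["Date Time"])
    recent = defaultdict(deque)   # client address -> recent failure times
    alerts = []
    for row in rows:
        ts = datetime.strptime(row["Date Time"], "%Y-%m-%d %H:%M:%S")
        addr = row["Client Address"]
        fails = recent[addr]
        while fails and ts - fails[0] > window:
            fails.popleft()       # drop failures that fell out of the window
        if row["Message"].strip() != SUCCESS:
            fails.append(ts)
            if len(fails) == threshold:
                alerts.append(("failure_burst", addr, row["Username"], ts))
        elif len(fails) >= threshold:
            alerts.append(("success_after_burst", addr, row["Username"], ts))
            fails.clear()
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE):
        print(alert)
```

Grouping by Client Address rather than Username catches one source trying several accounts, as in the constructed rows where both a domain user and the local master account fail from the same address.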

Access Control Logs

In the Access Control Logs section, records of Keycyte PAM's ticket system and approval processes are located. This section includes Admin, User, Type, Object, Action, Request Date, Start Date, and End Date columns. The system records in detail the access requests and approval processes for server roles that have the Permission feature active.

Administrators who approve access requests are displayed in the Admin column, and users who send requests are displayed in the User column. The request type (server, password, etc.) is specified in the Type column, and the requested resource is indicated in the Object column. The approval status (approved, denied, pending) is shown in the Action column.

The Request Date, Start Date, and End Date columns track when the access request was sent, when it was approved, and when the validity period expires. These logs are critically important for compliance audits and ensure traceability of all privileged access.

Access control logs are the primary data source for implementing the zero trust security model and subjecting all privileged access to approval processes. These records enable organizations to evaluate their compliance with security policies.