Ivanti Connect Secure gives employees, partners and customers secure and controlled access to corporate data and applications. The applications include file servers, web servers, native messaging, and hosted servers outside your trusted network.
This integration parses the following types of logs:
Web Requests : Logs provide information about client requests to web-based resources, including successful, failed, blocked, denied, and unauthenticated requests.
Authentication : Logs provide information about login-related events, SSL negotiation failures, and remote address change events.
Connection : Logs provide information about connections, including details on bytes transferred, duration, hostname, and IP addresses.
VPN Tunneling : Logs provide information about ACL-related activity, as well as VPN session related events.
Statistics : Logs provide information into system usage, including concurrent users, and other performance metrics.
Administrator Activities : Logs provide information on actions performed by administrators, such as logins, configuration changes, and system management tasks.
Visualize detailed insights into these logs through the out-of-the-box dashboards. Additionally, ready-to-use Cloud SIEM detection rules are available to help you monitor and respond to potential security threats effectively.
To install the Ivanti Connect Secure integration, run the following Agent installation command in your terminal, then complete the configuration steps below. For more information, see the Integration Management documentation.
Note: This step is not necessary for Agent version >= 7.59.0.
Ensure traffic is bypassed from the configured port if the firewall is enabled.
Port already in use:
If you see the Port <PORT_NUMBER> Already in Use error, see the following instructions. The following example is for port 514:
On systems using Syslog, if the Agent listens for events on port 514, the following error can appear in the Agent logs: Can't start UDP forwarder on port 514: listen udp :514: bind: address already in use. This error occurs because by default, Syslog listens on port 514. To resolve this error, take one of the following steps:
Disable Syslog.
Configure the Agent to listen on a different, available port.