diff --git a/public/docs-static/img/how-to-guides/activity-event-streaming/event-streaming-integration.png b/public/docs-static/img/how-to-guides/activity-event-streaming/event-streaming-integration.png index a13443bb..d21a6d08 100644 Binary files a/public/docs-static/img/how-to-guides/activity-event-streaming/event-streaming-integration.png and b/public/docs-static/img/how-to-guides/activity-event-streaming/event-streaming-integration.png differ diff --git a/public/docs-static/img/how-to-guides/activity-monitoring.png b/public/docs-static/img/how-to-guides/activity-monitoring.png index 5173e53b..1fc3cf83 100644 Binary files a/public/docs-static/img/how-to-guides/activity-monitoring.png and b/public/docs-static/img/how-to-guides/activity-monitoring.png differ diff --git a/public/docs-static/img/how-to-guides/activity-monitoring.webp b/public/docs-static/img/how-to-guides/activity-monitoring.webp deleted file mode 100644 index 6c7de1be..00000000 Binary files a/public/docs-static/img/how-to-guides/activity-monitoring.webp and /dev/null differ diff --git a/public/docs-static/img/how-to-guides/traffic-events-logging-settings.png b/public/docs-static/img/how-to-guides/traffic-events-logging-settings.png new file mode 100644 index 00000000..32968369 Binary files /dev/null and b/public/docs-static/img/how-to-guides/traffic-events-logging-settings.png differ diff --git a/src/components/NavigationDocs.jsx b/src/components/NavigationDocs.jsx index 0b8ad8cf..e1173063 100644 --- a/src/components/NavigationDocs.jsx +++ b/src/components/NavigationDocs.jsx @@ -158,7 +158,8 @@ export const docsNavigation = [ { title: 'Activity', links: [ - { title: 'Network Activity Logging', href: '/how-to/monitor-system-and-network-activity' }, + { title: 'Audit Events Logging', href: '/how-to/audit-events-logging' }, + { title: 'Traffic Events Logging', href: '/how-to/traffic-events-logging' }, { title: 'Stream Activity Events', href: '/how-to/activity-event-streaming', diff --git a/src/pages/how-to/monitor-system-and-network-activity.mdx b/src/pages/how-to/audit-events-logging.mdx similarity index 80% rename from src/pages/how-to/monitor-system-and-network-activity.mdx rename to src/pages/how-to/audit-events-logging.mdx index 098bbdee..ea9c81b4 100644 --- a/src/pages/how-to/monitor-system-and-network-activity.mdx +++ b/src/pages/how-to/audit-events-logging.mdx @@ -1,6 +1,6 @@ -# Network Activity Logging +# Audit Events Logging -The network activity logging functionality in NetBird allows you to observe and track changes to your network infrastructure. +The Audit events logging functionality in NetBird allows you to observe and track changes to your network infrastructure. This includes events such as when a new machine or user has joined your network, when access control policies have been modified, and many other key network events. @@ -11,11 +11,11 @@ To get started with event logging in NetBird, watch this introductory video: -## Access the Activity Logging View -The activity logging feature is enabled by default for every NetBird network. You can access the activity log in the web UI under the [Activity tab](https://app.netbird.io/activity). This view provides a centralized log of network events. You can use the search bar to search by activity name, and apply filters for timeframes, event types, and users. +## Access the Audit Events Logging View +The audit events logging feature is enabled by default for every NetBird network. You can access the activity log in the web UI under the [Audit Events tab](https://app.netbird.io/events/audit). This view provides a centralized log of network events. You can use the search bar to search by activity name, and apply filters for timeframes, event types, and users.

- activity-monitoring + activity-monitoring

The current version of NetBird tracks a wide range of network changes that occur in the Management server, such as modifications to peers, groups, system settings, setup keys, and access control policies. @@ -120,9 +120,9 @@ Future versions will also support connection events that occur in NetBird agents If the configuration files have been generated by the `configure.sh` script, you can find the previous encryption key in the backup files in the same folder as the script. Look for the DataStoreEncryptionKey field in the `management.json` backup file. -## Enable Activity Event Streaming to SIEM Systems +## Enable Audit Events Streaming to SIEM Systems -NetBird can stream activity events to your Security Information and Event Management (SIEM) system in real-time. With this feature enabled, you can monitor and analyze NetBird network changes within your SIEM infrastructure. Check the [integrations guide](/how-to/activity-event-streaming) for more information about the supported integrations and how to enable them. +NetBird can stream audit events to your Security Information and Event Management (SIEM) system in real-time. With this feature enabled, you can monitor and analyze NetBird network changes within your SIEM infrastructure. Check the [integrations guide](/how-to/activity-event-streaming) for more information about the supported integrations and how to enable them. ## Get Started diff --git a/src/pages/how-to/traffic-events-logging.mdx b/src/pages/how-to/traffic-events-logging.mdx new file mode 100644 index 00000000..e1ea2e97 --- /dev/null +++ b/src/pages/how-to/traffic-events-logging.mdx @@ -0,0 +1,45 @@ +# Traffic Events Logging + + +This feature is available only in the NetBird cloud and on the [Business plan](https://www.netbird.io/pricing?utm_source=docs&utm_content=traffic-events). +It is an experimental feature, and its functionality and behavior may evolve, including changes to how data is collected +or reported. +To use this feature, ensure you have NetBird client version 0.39 or higher. + + + +The traffic events logging functionality enables comprehensive monitoring and analysis of connections across your infrastructure. +It captures network activity, including peer-to-peer, site-to-site, peer-to-resource, and other network traffic events. + +It provides detailed visibility into connections and network traffic flow, helping to answer key questions such as who initiated +the connection, what resource was accessed, when it happened, where it originated, and why it was allowed. By enhancing +network monitoring capabilities, it strengthens security measures and delivers actionable operational insights, empowering +you to better manage and secure your environment. + + +## Enabling Traffic Events Logging + +Traffic events logging is disabled by default. To enable it on the NetBird dashboard, navigate to `Settings > Networks`. +Under the Experimental section, you’ll find the `Enable Traffic Events` option. Toggle the switch to enable traffic event logging. + +By default, traffic reporting in userspace is always enabled, providing basic logging of network interactions. +However, packet size reporting at the kernel level is disabled by default to minimize CPU usage. + + +You can optionally enable `Traffic Reporting (Kernel)` to capture additional details, such as network packet sizes, +at the kernel level. Be aware that enabling this option may lead to higher CPU usage on the NetBird client. + + + +

+ traffic-events-logging-settings +

+ + +## Enable Traffic Events Streaming to SIEM Systems + +NetBird allows you to stream traffic events directly to your Security Information and Event Management (SIEM) system in real time. +By enabling this feature, you can seamlessly monitor and analyze NetBird network flow events within your existing SIEM infrastructure, +enhancing your ability to detect and respond to security events. + +For detailed instructions on supported integrations and how to set them up, refer to the [integrations guide](/how-to/activity-event-streaming). \ No newline at end of file