Integrating PAM360 with ManageEngine Log360
This document discusses the process of integrating PAM360 with ManageEngine Log360. At the end of this document, you will have learned the following:
- Key benefits of integration
- How does the integration work?
- Prerequisites for performing the integration
- Steps to configure the integration in Log360
- Steps to enable Log360 integration in PAM360
1. Key Benefits of Integration
ManageEngine PAM360 integrates with ManageEngine Log360, an end-to-end log management solution that facilitates log collection, custom log parsing, and complete log analysis with reports.
The PAM360-Log360 integration allows you to consolidate and visualize the log data for remote sessions initiated from the PAM360 interface. To check these logs within PAM360, go to Audit >> Recorded Connections and view the Activity Log column beside any resource name.
Note: Currently, log data collection through the PAM360-Log360 integration is available only for Windows RDP sessions.
2. How Does the Integration Work?
Log360 sources data from PAM360 via its API using your server details and login credentials. The log data sent to Log360 from PAM360 is updated periodically and visualized for better comprehension. Once the integration is complete, you will be able to view the list of active and closed remote sessions, a complete overview of the events carried out during the remote sessions, and the machine log details, right from the PAM360 interface.
3. Prerequisites for Performing the Integration
Execute the following commands on each Windows device to which a remote session will be initiated from PAM360. The commands have to be executed once on every such device, before a remote session is launched to it from PAM360 for the first time; you don't need to execute them again for future remote sessions. They can also be executed through a bulk GPO update on all the target endpoints. These commands allow the log data to be sent from the particular Windows machine to Log360.
Open a command prompt from an Administrator account and execute the following:
- auditpol /set /category:"Account Logon" /success:enable /failure:enable
- gpupdate /force
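To confirm that the prerequisite is in effect on an endpoint, the audit policy can be read back with auditpol /get. The following PowerShell check is an added example, not part of the PAM360 or Log360 documentation; it assumes an elevated prompt and an English-language Windows installation, because auditpol prints localized setting names.

```powershell
# Added example (not from the PAM360/Log360 documentation).
# Verifies that every "Account Logon" subcategory audits both success and
# failure, i.e. that the prerequisite auditpol command is in effect here.
# Assumptions: elevated prompt, English-language auditpol output.

$category = 'Account Logon'
$expected = 'Success and Failure'

# /r makes auditpol emit CSV; drop blank lines before parsing.
$csv = & auditpol.exe /get /category:"$category" /r | Where-Object { $_.Trim() }
if ($LASTEXITCODE -ne 0) {
    Write-Error "auditpol failed (exit code $LASTEXITCODE). Is the prompt elevated?"
    exit 2
}

# Columns include 'Subcategory' and 'Inclusion Setting'.
$rows = @($csv | ConvertFrom-Csv)
$notCompliant = @($rows | Where-Object { $_.'Inclusion Setting' -ne $expected })

# Show the effective setting of each subcategory.
$rows | Select-Object Subcategory, 'Inclusion Setting' | Format-Table -AutoSize | Out-Host

if ($notCompliant.Count -eq 0) {
    Write-Output "OK: all $($rows.Count) '$category' subcategories audit success and failure."
    exit 0
}

Write-Warning "$($notCompliant.Count) subcategory(ies) do not audit both success and failure:"
foreach ($row in $notCompliant) {
    Write-Warning "  $($row.Subcategory): $($row.'Inclusion Setting')"
}
# Non-zero exit code lets a deployment tool flag this endpoint.
exit 1
```

Run it after gpupdate /force so the result reflects the policy actually in effect on the machine, including any audit settings applied through Group Policy.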
4. Steps to Configure the Integration in Log360
Before you enable the Log360 integration in PAM360, follow the below configuration steps in the Log360 console to optimize Log360 to receive the log data from PAM360.
4.1 Add PAM360 and Resource as Devices in Log360
- Navigate to Log360 >> EventLog Analyzer.
- Add the following devices to the Log360 console:
- Add the PAM360 server.
- Add all the resources for which a remote session will be launched from PAM360 and for which the corresponding logs are to be collected by Log360.
- Please note that the resources/devices can be manually added using the discovery function in Log360. Click here for more information on workgroups in Log360.
- In Log360 >> EventLog Analyzer, navigate to Settings >> Manage Application Sources >> Other Application Sources >> ManageEngine Apps >> PAM360.
- Here, choose the machine in which PAM360 is running and click Add.
4.3 Enable Activity Rules for PAM360 Sessions
- In Log360 >> EventLog Analyzer, navigate to Correlation >> Manage Rules >> Activity Rules.
- Click the red icon beside PMP Sessions to enable activity logs for remote sessions taken via PAM360.
Once you have completed the steps as instructed above, you can proceed to the next step and enable the Log360 integration in PAM360.
5. Steps to Enable Log360 Integration in PAM360
In the PAM360 console, follow the below steps to enable the integration:
- Navigate to Admin >> Integration >> ManageEngine. You will see a consolidated view of all ManageEngine products integrated with PAM360.
- In the page displayed, you will see the Log360 block with any of the below options based on whether you have disabled or enabled the integration, respectively:
Buttons and Definitions:
  1. You will see this option if the integration is disabled. Click this button to enter required details of the Log360 server and enable integration.
  2. You will see this option if the integration is enabled. Click this button to update the Log360 host name and port details.
  3. You will see this option if the integration is enabled. Click this button to disable the integration.
- Click Enable and configure the following details:
  - Enter the host name (the host machine in which Log360 is running)
  - Enter the port
  - User Name
- Click Enable. PAM360-Log360 integration is complete. Now, when a remote session is initiated via PAM360, all the events will be recorded in Audit >> Recorded Connections under the Activity Logs column.
Note: Once Log360 integration is enabled under Admin >> Integrations >> ManageEngine, the SIEM integration for Log360 will also be enabled automatically under Admin >> Integrations >> SIEM Integration. This is to ensure that all the log details from PAM360 are sent to Log360 in the form of syslogs.
To ensure that the Log360 integration works smoothly, it is recommended that the SIEM integration with Log360 is always enabled. Click here for more information on SIEM integration.