Ship Jumpcloud logs to Logz.io.
Collects JumpCloud events at a configured time interval, using the JumpCloud API settings given in the configuration, and sends them to Logz.io.
Download the `logzio/logzio-jumpcloud` image:
```shell
docker pull logzio/logzio-jumpcloud
```
Create a local directory and move into it:
```shell
mkdir logzio-jumpcloud
cd logzio-jumpcloud
```
Create and edit the configuration file and name it `config.yaml` in the `logzio-jumpcloud` folder that was created earlier. There are 2 sections of the configuration:
logzio
Parameter Name | Description | Required/Optional | Default |
---|---|---|---|
url | The Logz.io Listener URL for your region with port 8071. https://listener.logz.io:8071 | Required | - |
token | Your Logz.io log shipping token securely directs the data to your Logz.io account. | Required (also available via environment variables) | - |
Jumpcloud
Parameter Name | Description | Required/Optional | Default |
---|---|---|---|
jumpcloud_api | A dictionary containing the JumpCloud API configurations. | Required | - |
start_date | The start date and time for querying the JumpCloud API in UTC time with the format of %Y-%m-%dT%H:%M:%S.%fZ. For example: 2023-05-04T12:30:00.000000Z. | Optional | The current date and time. |
credentials | A dictionary containing the token for authenticating the JumpCloud API request. | Required (also available via environment variables) | - |
token | The JumpCloud API token. | Required | - |
org_id | The organization ID for administered JumpCloud organizations. Needed for querying events if managing multiple organizations. | Optional | - |
time_interval | The time interval for querying the JumpCloud API in minutes. | Optional | 5m |
Config.yaml
```yaml
logzio:
  url: "https://listener.logz.io:8071"
  token: "<<LOGZIO_TOKEN>>"
jumpcloud_api:
  start_date:
  credentials:
    token: "<<JUMPCLOUD_API_TOKEN>>"
  settings:
    time_interval:
```
Run the Docker container:
```shell
docker run --name logzio-jumpcloud -v "$(pwd)":/app/src/shared logzio/logzio-jumpcloud
```
To keep your API tokens out of the configuration file, you can pass them as two environment variables instead:
```shell
docker run --name logzio-jumpcloud -e LOGZIO_API_TOKEN=<<LOGZIO_TOKEN>> -e JUMPCLOUD_API_TOKEN=<<JUMPCLOUD_API_TOKEN>> -v "$(pwd)":/app/src/shared logzio/logzio-jumpcloud
```
When you stop the container, the code runs until the current iteration completes. To make sure it finishes the iteration in time, give it a grace period of 30 seconds when you run the `docker stop` command. The command takes the container name set with `--name`, not the image name:
```shell
docker stop -t 30 logzio-jumpcloud
```
After every successful iteration of each API call, the start date for the next iteration is written to a file named `lastTime.txt`. Each line of the file starts with the API name and ends with the last start date in UTC time with the format of %Y-%m-%dT%H:%M:%S.%fZ.
You can find the `lastTime.txt` file inside the mounted host directory that you created. If you have stopped the container, you can continue from the exact place you stopped by adding the last start date to the API filters in the configuration.
Note that the last start date should also be in UTC time with the format of %Y-%m-%dT%H:%M:%S.%fZ.
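
A resume helper for the procedure above, added here as an example and not part of the logzio-jumpcloud project: it reads the content of `lastTime.txt`, validates the timestamp against the documented format, and returns the value to set as `start_date`. The separator between API name and timestamp, the sample API name, and the function names are assumptions.

```python
import re
from datetime import datetime, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"  # timestamp format documented for lastTime.txt
# Timestamp anchored at end of line. The page does not specify the separator
# between API name and timestamp, so everything before it is taken as the name.
TS_AT_END = re.compile(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{1,6}Z)\s*$")


def parse_last_time(text):
    """Return {api_name: aware UTC datetime} from lastTime.txt content."""
    checkpoints = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        match = TS_AT_END.search(line)
        if match is None:
            raise ValueError(f"line {lineno}: no trailing UTC timestamp")
        api = line[:match.start()].strip().rstrip(":=,").strip()
        if not api:
            raise ValueError(f"line {lineno}: missing API name")
        # strptime also rejects impossible dates such as month 13.
        ts = datetime.strptime(match.group(1), TS_FORMAT).replace(tzinfo=timezone.utc)
        # Assumption: if a name repeats, the most recent timestamp wins.
        if api not in checkpoints or ts > checkpoints[api]:
            checkpoints[api] = ts
    return checkpoints


def resume_start_date(text, api, now=None):
    """Return the start_date string to put in config.yaml for `api`."""
    now = now or datetime.now(timezone.utc)
    checkpoints = parse_last_time(text)
    if api not in checkpoints:
        raise KeyError(f"no checkpoint recorded for {api!r}")
    ts = checkpoints[api]
    if ts > now:
        # A future checkpoint would silently skip events until that time.
        raise ValueError(f"checkpoint {ts.isoformat()} is in the future")
    return ts.strftime(TS_FORMAT)


# Constructed sample; the API name and separator are assumptions.
SAMPLE = "jumpcloud_api: 2023-05-04T12:35:00.000000Z\n"

if __name__ == "__main__":
    print("start_date:", resume_start_date(SAMPLE, "jumpcloud_api"))
```

Failing on a malformed or future checkpoint, rather than falling back to the default of the current time, avoids an unnoticed gap in the collected events.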
- 0.0.3:
  - Added support for `org_id` header in JumpCloud API requests to specify an administered organization.
  - Improved error handling for missing or invalid time_interval values.
- 0.0.2:
  - Use event timestamp instead of ingested one @jmi926
  - Allow usage of `LOGZIO_API_TOKEN` and `JUMPCLOUD_API_TOKEN` ENV variables instead of file configuration @jmi926
  - Dockerfile - allow the user to be other than root @jmi926
- 0.0.1: Initial release.