Bamboo Pulling audit logs into a SIEM

Cesar Garcia January 30, 2020


We need to collect audit logs bamboo since app SIEM

1 answer

0 votes
Jeyanthan I
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 30, 2020

Hey @Cesar Garcia ,

Upon googling, I found SIEM refers to Security information and event management. It's not clear what exactly you're looking for. Could you please elaborate your requirement?

I suggest you check the Bamboo audit_log table in the database. That table holds the plans, deployment audit logs and more.

Cheers, Jey

Cesar Garcia February 3, 2020

Hi Jey, thank you very much for the answer, yes SIEM is a security management tool.
So we are needing to collect user events, we check the audit log table and it only shows the project events. 

do you know where can we collect user events?

Jeyanthan I
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 6, 2020

Hi @Cesar Garcia ,

Usually, all user events are captured in access.log and catalina.out (in Linux based distro only) under <bamboo-install>/log

If your intention is to capture user permission changes, Bamboo doesn't  track that in the Audit Log. We're tracking this as a bug in BAM-16201: Audit log doesn't record permission changes. Please cast your vote.

Hope that helps.

Cheers,
Jey

Like Cesar Garcia likes this

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events