.svg)
Before connecting Graylog to Enpass in the Admin Console, you need to set up a GELF HTTP input in Graylog to receive the incoming logs and generate a secret token for authentication. Follow the steps below, then return to Integrate with SIEM Tools to complete the integration.
Step 1: Create a GELF HTTP Input in Graylog
-
Log in to your Graylog instance and navigate to System > Inputs.
-
From the input type dropdown, select GELF HTTP and click Launch new input.
-
In the configuration modal, fill in the following:
-
Title: A descriptive name for this input (e.g.,
Enpass-Event-Logs) -
Port: A unique port number (e.g.,
12201) -
Enable Bulk Receiving: Check this box
-
Authorization Header Name:
Authorization -
Authorization Header Value:
Bearer <secret_token>
Replace
<secret_token>with a secure random string you generate yourself (e.g.,my-secure-random-token-12345). Save this token — you will need it when configuring the integration in the Enpass Admin Console. -
-
Leave all other fields at their default values.
-
Click Launch input.
Step 2: Note Your Endpoint URL
Once the input is created, your Graylog GELF HTTP endpoint will be available at:
http://<graylog-ip>:<port>/gelf
Save this URL along with your secret token. You will enter both into the Enpass Admin Console in the next step.
Next Step
Return to Integrate with SIEM Tools | Graylog to complete the integration in the Enpass Admin Console.
Related Pages
-
Event Logs & SIEM Integration — How to enable and manage event log collection
-
Event Categories & Field Reference — Full breakdown of every tracked event by category