How to Mirror the WordPress Activity Log to a Syslog Server

Syslog is a messaging standard typically used to centralize the logs of all the devices and software running on your network.

The WP Security Audit Log plugin can be easily integrated with Syslog so you can export the WordPress activity log to your server’s syslog or to a remote one. By mirroring the WordPress audit trail to syslog you can centralize the logging of your WordPress site with all the logs of other services, and ensure the audit trail is not tampered with and always available, even in the unfortunate case of a successful hack attack.

The process consists of two steps:

  1. Setting up a Syslog connection in the plugin
  2. Configuring the mirroring of the activity logs to Syslog

Setting Up a Syslog Connection for the Activity Log

To set up a Syslog connection in the plugin:

  1. Click on the DB/Archive/Mirror node in the plugin menu.
  2. Click the Create a Connection button to launch the connection setup wizard.
  3. Select Syslog from the Type of Connection drop down menu in the first step of the wizard.

Configuring a Syslog connection

  1. In the second step of the wizard specify if you want to mirror the activity logs to:
    • the web server’s syslog by selecting Write to local syslog file,
    • or a remote syslog server by selecting Send messages to remote syslog server.
  2. If you choose to send the messages to a remote syslog server, specify the IP address and port of the remote syslog server in the respective placeholders.
  3. In the last step of the wizard, specify a name for the connection. Connection names are just for your reference; they can be up to 25 characters long and can only consist of letters, numbers and underscores.

Configuring the Mirroring of the Activity Log to Syslog

Once the Syslog connection is set up, you have to configure it as a mirroring connection by following the instructions below:

  1. Click on DB/Archive/Mirror in the plugin menu.
  2. Navigate to the Mirroring tab and click the Setup an Activity Log Mirror button.

Configuring a syslog mirroring connection

  1. In the first step of the wizard specify a name for the mirror. Names are just for your reference; they can be 25 characters long and can only consist of letters, numbers and underscores.
  2. Select the Syslog connection you’ve just set up from the Connection drop down menu.
  3. In the second step of the wizard specify how often the activity log mirroring process should run.
  4. In the last step of the wizard you can configure activity log filtering rules for the mirroring connection. By default the connection is set to the Send all events option. If you’d like to set up any filtering rules, refer to configuring filtering rules for activity log mirroring connections.
  5. Click Save mirror to save the new mirroring process.
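
To confirm that mirrored events actually reach a remote syslog server once the mirror is saved, you can run a small test receiver on that server. This is an added example, not part of the plugin or of the original guide. It assumes the messages arrive over UDP and start with the standard syslog <PRI> prefix; port 5514 and the sample message are constructed placeholders.

```python
import re
import socket

# Syslog messages start with "<PRI>", where PRI = facility * 8 + severity.
PRI_RE = re.compile(rb"^<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample message (not captured from the plugin).
SAMPLE = b"<14>Jan  1 00:00:00 webhost wordpress: constructed test event\n"


def parse_pri(datagram: bytes):
    """Return (facility, severity_name, body), or None if the PRI prefix is missing or invalid."""
    match = PRI_RE.match(datagram)
    if not match:
        return None
    pri = int(match.group(1))
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None
    facility, severity = divmod(pri, 8)
    body = datagram[match.end():].decode("utf-8", errors="replace").rstrip("\r\n")
    return facility, SEVERITIES[severity], body


def receive(host="127.0.0.1", port=5514, count=1, timeout=60.0):
    """Collect up to `count` datagrams on host:port (UDP is an assumption) before `timeout`."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        sock.settimeout(timeout)
        try:
            while len(results) < count:
                data, (src_ip, _src_port) = sock.recvfrom(8192)
                results.append((src_ip, parse_pri(data)))
        except socket.timeout:
            pass  # nothing (more) arrived in time; return what was collected
    return results


if __name__ == "__main__":
    print("parser self-check:", parse_pri(SAMPLE))
    # Listen on all interfaces for the mirror's next run; check the sender IP is the web server.
    for src_ip, parsed in receive(host="0.0.0.0", count=5):
        print(src_ip, parsed if parsed else "datagram without a valid syslog PRI prefix")
```

Point the connection's IP address and port at the host running this script, wait for the mirroring interval you configured, and check that the sender address is your web server. If nothing arrives, check firewall rules between the two hosts before changing the plugin configuration.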

Other Integrations

Refer to the getting started guide for external databases & third party services for more information on other integrations and activity log management.