Your Canary Console can send audit trail records to your webhook or syslog collector as soon as they happen. The steps in this article will show you how to easily enable audit trail notifications on your generic webhooks, Splunk webhook or your syslog integration.
Audit trail notifications are only available on global channels (global webhooks and Syslog) and include all audit trail events.
Generic webhooks
Once you have a generic webhook (which can be created by following the steps in this guide), follow these steps to enable audit trail notifications.
- Click on the Gear in the top right of the page.
- Click on Global Settings to go to the Global Settings page.
- Click on Webhooks to expand the webhooks section.
- Click on the webhook for which you want to enable audit trail notifications.
5. Toggle the Receive Audit Trail Notifications setting.
Splunk webhooks
Once you've set up a Splunk webhook (following the steps in this guide), follow these steps to enable audit trail notifications.
- Click on the Gear in the top right of the page.
- Click on Global Settings to go to the Global Settings page.
- Click on Webhooks to expand the webhooks section.
- Click on the Splunk webhook for which you want to enable audit trail notifications.
5. Toggle the Receive Audit Trail Notifications setting.
Syslog
Once syslog has been enabled on your console (by following this guide) you can enable audit trail notifications by following these steps:
- Click on the Gear in the top right of the page.
- Click on Global Settings to go to the Global Settings page.
- Click on Syslog to expand the syslog section.
- Toggle the Receive Audit Trail Notifications setting.