Action: Write to Log

In Cloudhouse Guardian (Guardian), you can configure certain actions to occur when specific events take place. For example, you might want to keep a record of scan or policy failures for future reference. You can do that using the Write to Log action. This action lets you make note of specific events in Guardian's internal service logs. These service logs are then sent to a syslog collector of your choice.

Note: The Write to Log action requires Guardian to be connected to an external syslog collector. To connect to a syslog collector, speak with your Guardian Representative.

Tip: For an overview of actions in Guardian, including more options available to choose from, see Actions.

Action Settings

When configuring a Write to Log action, the following settings are presented:

| Setting | Description |
| --- | --- |
| Action name field | A unique name for the action. This name is how you will identify this action among all others configured in your Guardian instance, so ensure it is descriptive. For example, 'Failed Policy Log' and not simply 'Policy Log'. |
| Message field | The message to record in Guardian's internal service log when the action is triggered. To make your messages dynamic, you can include variables in this field. Variables are pieces of text that Guardian will replace with relevant data. For example, you could use the variable {{ timestamp }} to include the time that the action was triggered. Or, you could use the variable {{ success }} here to indicate whether a policy check passed or failed. |

These settings are configured when adding a new action, and they can also be edited at any time through the Actions tab (Control > Events > Action). To edit an action from the Actions tab, click the Ellipses and select Edit. Once you have made your edits, click Done to save them.
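The following Python sketch is an added example, not part of Guardian or its documentation. It shows how a key=value Message template built from {{ success }} and {{ timestamp }} can be parsed at the syslog collector to separate failures, passes, and messages that need review. The template, the `guardian_action` marker, the syslog header, the rendered values, and the idea that an unrecognised placeholder would arrive unrendered are all assumptions; the sample lines are constructed.

```python
import re

# Assumed Message field template (hypothetical, not from the Guardian docs),
# using only the two variables named on this page:
#   guardian_action name="Failed Policy Log" success={{ success }} time="{{ timestamp }}"

# Constructed collector lines. The syslog header and the rendered values
# (true/false, ISO 8601 time) are assumptions about what Guardian emits.
SAMPLE_LINES = [
    '<134>Jan 12 10:15:02 guardian app: guardian_action name="Failed Policy Log" success=false time="2024-01-12T10:15:02Z"',
    '<134>Jan 12 10:16:40 guardian app: guardian_action name="Failed Policy Log" success=true time="2024-01-12T10:16:40Z"',
    '<134>Jan 12 10:17:05 guardian app: guardian_action name="Failed Policy Log" success={{ sucess }} time="2024-01-12T10:17:05Z"',
    '<134>Jan 12 10:17:09 guardian app: unrelated service message',
]

MARKER = "guardian_action "                       # fixed prefix chosen in the template
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted value" or key=bare
UNRENDERED = re.compile(r"\{\{.*?\}\}")           # placeholder that was never replaced


def classify(line):
    """Return (status, fields) for one collector line.

    status is 'ignore', 'template_error', 'unparsed', 'failure' or 'ok'.
    """
    start = line.find(MARKER)
    if start == -1:
        return "ignore", {}                        # not written by this action
    body = line[start + len(MARKER):]
    if UNRENDERED.search(body):
        return "template_error", {}                # placeholder arrived verbatim (assumed behaviour)
    fields = {k: (q if q else b) for k, q, b in PAIR.findall(body)}
    success = fields.get("success", "").lower()
    if success == "false":
        return "failure", fields
    if success == "true":
        return "ok", fields
    return "unparsed", fields                      # never treat unknown as a pass


def summarize(lines):
    """Count lines per status so the collector can alert on the non-ok ones."""
    counts = {}
    for line in lines:
        status = classify(line)[0]
        counts[status] = counts.get(status, 0) + 1
    return counts


if __name__ == "__main__":
    print(summarize(SAMPLE_LINES))
```

Treating anything other than an explicit true as needing attention keeps a malformed or truncated message from being counted as a passed check.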

Add a Write to Log Endpoint Action

You can add a new Write to Log action from any saved view in your Guardian instance. Each saved view represents a specific event determined using a query on the Events page. The saved view you select during this configuration determines the corresponding event that triggers your new action. For more information, see Saved Views.

To add a Write to Log action, complete the following process:

Tip: For help completing any of the following fields, refer to their respective descriptions in the Action Settings table above.

  1. Navigate to the Events tab (Control > Events).

  2. Click the Saved Views button at the top of the page. The Saved Views side panel is displayed.

    Screenshot showing the Guardian Events page with a border around the Saved Views button.

  3. Select the event you want to trigger your new action. The saved view for that event is displayed.

  4. Click the Actions tab to display all existing actions configured for this event.

  5. Click the Add Action button. The Add New Action page is displayed.

    Screenshot showing the Guardian Events page with a border around the Actions tab and the Add Action button.

  6. Click Write to Log. The required fields are displayed.

  7. Enter an Action Name.

  8. Enter a Message.

    Tip: Once you have entered a message, you can view a preview of the message that will be sent as part of this action. You can use this preview to test any variables you may have used. To view a preview message, click Preview.

  9. Click Done.

Now, a confirmation dialog is displayed and you are redirected to the Actions tab for your selected saved view. Here, you can view your new action. To disable, edit, or test the action, click the Ellipses and select the appropriate option.