Monitor system and network activity
The activity monitoring feature lets you quickly see what's happening with your network. Whether a new machine or user joined your network or the access control policy has been modified, the activity log allows you to track the changes to your network.
Access activity monitoring view
Activity monitoring is enabled by default for every network, and you can access it in the web UI under the Activity tab. You can also use the search bar to filter events by activity type.
The current version of NetBird tracks network changes that occur in the Management server. E.g., changes related to the list of peers, groups, system settings, setup keys, access control, etc. The future versions will support connection events that occur in NetBird agents (e.g., peer A connected to peer B).
The unknownname or unknown@unknown.com e-mail address.
In the activity event store, the system keeps the deleted user information encrypted. If the encryption key has been corrupted or lost,
then the events returned by the API could show as unknown@unknown.com for the e-mail address field and as unknown for the name field.
If the configuration files have been generated by the configure.sh script, you can find the previous encryption key in
the backup files in the same folder as the script. Look for the DataStoreEncryptionKey field in the management.json backup file.
Enable activity event streaming to SIEM systems
NetBird can stream activity events to your Security Information and Event Management (SIEM) system in real-time. With this feature enabled you can monitor and analyze NetBird network changes in your SIEM system. Check the integrations guide for more information about the supported integrations and how to enable them.
Get started
- Make sure to star us on GitHub
- Follow us on Twitter
- Join our Slack Channel
- NetBird latest release on GitHub