--- title: Ivanti Connect Secure description: Gain insights into Ivanti Connect Secure logs. breadcrumbs: Docs > Integrations > Ivanti Connect Secure --- # Ivanti Connect Secure Supported OS Integration version1.2.0 Ivanti Connect Secure - OverviewIvanti Connect Secure - Web RequestsIvanti Connect Secure - AuthenticationIvanti Connect Secure - Connection and VPN TunnelingIvanti Connect Secure - Administrator ActivitiesIvanti Connect Secure - Statistics and System Status ## Overview{% #overview %} [Ivanti Connect Secure](https://www.ivanti.com/products/connect-secure-vpn) gives employees, partners and customers secure and controlled access to corporate data and applications. The applications include file servers, web servers, native messaging, and hosted servers outside your trusted network. This integration parses the following types of logs: - **Web Requests** : Logs provide information about client requests to web-based resources, including successful, failed, blocked, denied, and unauthenticated requests. - **Authentication** : Logs provide information about login-related events, SSL negotiation failures, and remote address change events. - **Connection** : Logs provide information about connections, including details on bytes transferred, duration, hostname, and IP addresses. - **VPN Tunneling** : Logs provide information about ACL-related activity, as well as VPN session related events. - **Statistics** : Logs provide information into system usage, including concurrent users, and other performance metrics. - **Administrator Activities** : Logs provide information on actions performed by administrators, such as logins, configuration changes, and system management tasks. Visualize detailed insights into these logs through the out-of-the-box dashboards. Additionally, ready-to-use Cloud SIEM detection rules are available to help you monitor and respond to potential security threats effectively. **Minimum Agent version:** 7.64.0 ## Setup{% #setup %} ### Installation{% #installation %} To install the Ivanti Connect Secure integration, run the following Agent installation command in your terminal, then complete the configuration steps below. For more information, see the [Integration Management](https://docs.datadoghq.com/agent/guide/integration-management.md?tab=linux#install) documentation. **Note**: This step is not necessary for Agent version >= 7.59.0. ```shell sudo -u dd-agent -- datadog-agent integration install datadog-ivanti_connect_secure==1.0.0 ``` ### Configuration{% #configuration %} #### Log collection{% #log-collection %} 1. Collecting logs is disabled by default in the Datadog Agent. Enable it in `datadog.yaml`: ```yaml logs_enabled: true ``` 1. Add this configuration block to your `ivanti_connect_secure.d/conf.yaml` file to start collecting your logs. See the sample [ivanti_connect_secure.d/conf.yaml](https://github.com/DataDog/integrations-core/blob/master/ivanti_connect_secure/datadog_checks/ivanti_connect_secure/data/conf.yaml.example) for available configuration options. ```yaml logs: - type: tcp # or 'udp' port: source: ivanti-connect-secure service: ivanti-connect-secure ``` **Note**: - `PORT`: Port should be similar to the port provided in **Configure syslog message forwarding from Ivanti Connect Secure** section. - It is recommended not to change the service and source values, as these parameters are integral to the pipeline's operation. 1. [Restart the Agent](https://docs.datadoghq.com/agent/guide/agent-commands.md#start-stop-and-restart-the-agent). #### Configure syslog message forwarding from Ivanti Connect Secure{% #configure-syslog-message-forwarding-from-ivanti-connect-secure %} 1. Login in to the Ivanti Connect Secure Admin Portal. 1. Navigate to **System** > **Log/Monitoring** > **Events**. 1. Click the **Settings** tab. 1. Under **Select Events to Log**, ensure all event types are selected. 1. Click **Save Changes** to apply the configuration. 1. Configure the syslog server details in the **Syslog Servers** section: - **Server name/IP**: Enter the fully qualified domain name or IP address of the syslog server in the format `:`. - **Type**: Select either **TCP** or **UDP** from the dropdown. - **Filter**: Choose **JSON: JSON** from the dropdown.After entering the required details, click **Add**. 1. Repeat steps 3 to 6 in the **User Access** and **Admin Access** tabs. ### Validation{% #validation %} [Run the Agent's status subcommand](https://docs.datadoghq.com/agent/guide/agent-commands.md#agent-status-and-information) and look for `ivanti_connect_secure` under the Checks section. ## Data Collected{% #data-collected %} ### Log{% #log %} | Format | Event Types | | ------ | --------------------------------------------------------------------------------------------- | | JSON | Web Requests, Authentication, Connection, VPN Tunneling, Statistics, Administrator Activities | ### Metrics{% #metrics %} The Ivanti Connect Secure integration does not include any metrics. ### Events{% #events %} The Ivanti Connect Secure integration does not include any events. ### Service Checks{% #service-checks %} The Ivanti Connect Secure integration does not include any service checks. ## Troubleshooting{% #troubleshooting %} **Permission denied while port binding:** If you see a **Permission denied** error while port binding in the Agent logs: 1. Binding to a port number under 1024 requires elevated permissions. Grant access to the port using the `setcap` command: ```shell sudo setcap CAP_NET_BIND_SERVICE=+ep /opt/datadog-agent/bin/agent/agent ``` 1. Verify the setup is correct by running the `getcap` command: ```shell sudo getcap /opt/datadog-agent/bin/agent/agent ``` With the expected output: ```shell /opt/datadog-agent/bin/agent/agent = cap_net_bind_service+ep ``` **Note**: Re-run this `setcap` command every time you upgrade the Agent. 1. [Restart the Agent](https://docs.datadoghq.com/agent/guide/agent-commands.md#start-stop-and-restart-the-agent). **Data is not being collected:** Ensure traffic is bypassed from the configured port if the firewall is enabled. **Port already in use:** If you see the **Port Already in Use** error, see the following instructions. The following example is for port 514: - On systems using Syslog, if the Agent listens for events on port 514, the following error can appear in the Agent logs: `Can't start UDP forwarder on port 514: listen udp :514: bind: address already in use`. This error occurs because by default, Syslog listens on port 514. To resolve this error, take **one** of the following steps: - Disable Syslog. - Configure the Agent to listen on a different, available port. For further assistance, contact [Datadog support](https://docs.datadoghq.com/help/).