---
title: Twingate
description: Twingate provides a modern, Zero Trust alternative to corporate VPNs
breadcrumbs: Docs > Integrations > Twingate
---

# Twingate
Supported OS Integration version1.0.0  Twingate Activity LogTwingate Real-Time Activity Dashboard
## Overview{% #overview %}

[Twingate](https://www.twingate.com/) is a zero trust network access platform that allows fast growing companies to quickly and easily provide secure access to their AWS environment. By incorporating modern technologies such as NAT traversal, QUIC, private proxies, and split tunneling, Twingate can replace a traditional or cloud VPN while improving user performance and overall security.

This integration allows organizations to monitor a user's resource access activities in real time.

## Setup{% #setup %}

### Prerequisites{% #prerequisites %}

1. You have the Datadog Agent installed on the Twingate Connector server. You must be able to connect to that host and edit the files to configure the Agent and YAML Integration Configs. To install the Datadog Agent, see [Getting Started with the Agent](https://docs.datadoghq.com/getting_started/agent/).
1. You must deploy the Twingate Connector. To enable real-time connection logs, see the [Twingate documentation](https://docs.twingate.com/docs/connector-real-time-logs).

### Configure the Datadog Agent{% #configure-the-datadog-agent %}

#### Systemd Connector{% #systemd-connector %}

1. Set up [Datadog journald integration](https://docs.datadoghq.com/agent/logs/?tab=journald).
1. Replace `journald.d/conf.yaml` with the following configuration:
   ```yaml
    logs:
      - type: journald
        container_mode: true
        include_units:
          - twingate-connector.service
        service: Twingate Connection
        source: Twingate
        log_processing_rules:
        - type: include_at_match
          name: analytics
          pattern: ANALYTICS
        - type: mask_sequences
          name: remove_analytics
          replace_placeholder: ""
          pattern: "ANALYTICS "
   ```
1. Add the `dd-agent` user to the `systemd-journal` group by using `usermod -a -G systemd-journal dd-agent`.
1. Restart the Datadog Agent by running `service datadog-agent restart`.
1. Confirm that the Twingate Analytic log appears in the [Log Explorer](https://app.datadoghq.com/logs).

#### Docker Connector{% #docker-connector %}

##### Set up Datadog Docker integration for the Host Agent{% #set-up-datadog-docker-integration-for-the-host-agent %}

Add the following lines to the `datadog.yaml` configuration file:

```yaml
logs_enabled: true
listeners:
- name: docker
config_providers:
- name: docker
polling: true
logs_config:
container_collect_all: true
container_exclude: ["image:.*"]
container_include: ["image:twingate/connector"]
```

- Add the `dd-agent` user to the `docker` group by using `usermod -a -G docker dd-agent`.
- Restart the Datadog Agent by running `service datadog-agent restart`.

##### Set up Datadog Docker integration for the Container Agent{% #set-up-datadog-docker-integration-for-the-container-agent %}

Add additional parameters `-e DD_CONTAINER_EXCLUDE="image:.*"` and `-e DD_CONTAINER_INCLUDE="image:twingate/connector"` in the docker run command.

```shell
docker run -d --name datadog-agent \
           --cgroupns host \
           --pid host \
           -e DD_API_KEY=xxx \
           -e DD_LOGS_ENABLED=true \
           -e DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL=true \
           -e DD_CONTAINER_EXCLUDE="image:.*" \
           -e DD_CONTAINER_INCLUDE="image:twingate/connector" \
           -v /var/run/docker.sock:/var/run/docker.sock:ro \
           -v /var/lib/docker/containers:/var/lib/docker/containers:ro \
           -v /proc/:/host/proc/:ro \
           -v /opt/datadog-agent/run:/opt/datadog-agent/run:rw \
           -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro \
           gcr.io/datadoghq/agent:latest
```

##### Set up Twingate Connector with additional docker parameters{% #set-up-twingate-connector-with-additional-docker-parameters %}

Add the label `com.datadoghq.ad.logs` to the Twingate Connector docker run command:

```shell
docker run -d --sysctl net.ipv4.ping_group_range="0 2147483647" \
  -l "com.datadoghq.ad.logs"='[{"service":"Twingate Connection","source":"Twingate","log_processing_rules":[{"type":"include_at_match","name":"analytics","pattern":"ANALYTICS"},{"type":"mask_sequences","name":"remove_analytics","replace_placeholder":"","pattern":"ANALYTICS "}]}]' \
  --env TENANT_URL="https://xxx.twingate.com" \
  --env ACCESS_TOKEN="xxx" \
  --env REFRESH_TOKEN="xxx" \
  --env TWINGATE_LABEL_HOSTNAME="`hostname`" \
  --name "twingate-golden-seal" \
  --restart=unless-stopped \
  $(docker run --help | grep -- --pull >/dev/null && echo "--pull=always") twingate/connector:1
```

**Note**: The Twingate Connector container needs to be recreated to add the new label

### Twingate Analytics Dashboard{% #twingate-analytics-dashboard %}

1. Go to the Datadog [Dashboard List](https://app.datadoghq.com/dashboard/lists).
1. Search for the Twingate Analytics dashboard.

## Troubleshooting{% #troubleshooting %}

Need help? Contact [Twingate Support](https://help.twingate.com/hc/en-us).

## Further Reading{% #further-reading %}

- [Monitor network access with Twingate's offering in the Datadog Marketplace](https://www.datadoghq.com/blog/monitor-network-access-with-twingate/)