Get logs with Get-HubSiemLogs
Hello,
I try to get our Hub-logs to transfer them into our Siem. To do this, in my script I first logon with a appkey and this looks ok because I get data with "Get-HubSystemSettings".
When I try to use Get-HubSiemLogs, I get always: The api call with Hub failed. (Forbidden).
To configure the access via powershell I found this docs:
https://blog.devolutions.net/2021/05/new-feature-password-hub-business-powershell-module/#access-password-hub-business-with-hub-powershell-module
https://docs.devolutions.net/server/web-interface/administration/security-management/applications/
What need I to do to get the logs?
Thanks
Bjoern
All Comments (3)
Hello Bjorn,
Thank you for contacting the Devolutions support team.
I have tested this command on version 2025.3.0 and obtained numerous results.
Are you using the latest version of the module?
Could you execute the command Get-HubVault after connecting with the application identity?
Do you still have the same API error?
Does the application identity have permission to get those logs or vaults?
It could be set under Administration -> System permissions.
Best regards,
Patrick Ouimet
Hello Patrick,
thanks - it was the missing right to view the logs, now I see the logs :-)
Now I have the following questions:
- In the field "UserIpAddress" I see only "Devolutions.Hub.Clients.LogIpAddress" - is there a way to get the real address?
- Exists a documentation about the syntax or structure of the logs, example the "Arguments" field?
Bjoern
Hello Bjoern,
Thank you for this feedback.
If the User ID is "00000000-0000-0000-0000 000000000000", the UserIPAddress will be the "Devolutions.Hub.Clients.LogIpAddress".
However, if the User ID return another value, you will have the IP related to this connection.
You can use a transcript to get the results in your terminal.
Best regards,
Patrick Ouimet