About the SSH key usage data collection process

The log collection process involves the following:

1. Installing agents on the servers from where you want to collect the SSH logs. Configure Agentless servers to transfer their logs to another server that has both a logging system and the agent installed.

2. Configuring a central logging system to forward SSH key logs to Server Agent.

   NOTE  Refer to the document https://support.venafi.com/hc/en-us/articles/215911487 for information on how to configure the event logging system to collect SSH logs.

3. Configuring Work in Trust Protection Platform to periodically receive the SSH logs from the SSH servers. See Configuring SSH key usage log collection.
4. The agent receives work from Trust Protection Platform. Refer to the topic, Configuring SSH key usage log collection.
5. The agent starts listening for the SSH logs through port TCP 689.
6. The agent receives the logs and temporarily stores them. The logs are sent to Trust Protection Platform according to the schedule set in SSH key usage configuration.

About the SSH key usage data report

The SSH Key Usage report is available under Reports. The report enables administrators to analyze the data and, if required, take appropriate action on the keys based on the usage report. Refer to the topic, Analyzing the Key Usage data report for details.