How to enable Service tunnel Discovery and Logging

Customers wanted to track each time a user accessed the Service Tunnel. This helps administrators see and manage the services used by their users through the tunnel.

Before enabling, please ensure the following requirements are met:

• Service Tunnel is enabled.
• Access Tier version 2.2.0 or higher.
• Enabled on each Netagent.
• Log size and rollover follow Netagent’s advanced settings.

You can enable Service Tunnel discovery and logging via your API tool, in this scenario we will be using Postman.

1. Download this postman collection:

Please request the Postman collection from your CSE and import the collection into your API tool.

2. Get the list of access tiers:

• Choose the "GET" method.
• Use this URL: https://net.banyanops.com/api/v2/access_tier

For authorization, choose "Bearer token" and enter the API key generated from the Command Center with "Admin Scope."

Note: To generate the API key with an Admin scope from the command center, please go to settings > API key > Add API key > enter a name, and description select “Admin” on the scope, and click on Add API key.

Find the API  name on the list and you will see the option to copy and paste the secret value where it says “Token”

• After clicking "send," please find the access tier that is forwarding the service tunnel traffic and copy and paste the “Access tier ID”

3. You are ready to enable the ST discovery and logging: 

• Choose the "PUT" method.
• Use this URL: https://net.banyanops.com/api/v2/access_tier/{{access-tier-id}}/config

Replace {{access-tier-id}} for the ID you got when listing the access tier info.

• For authorization, choose "Bearer token" and enter the API key generated from the Command Center with "Admin Scope."

On the body, make sure “service_discovery_enable" and "enable_service_tunnel_log" are set to true. And click on “send” you should receive a 200 code indicating it was successfully activated.

• Then, please restart the access tier and you will be ready to collect the logs.

To collect the logs, SSH to the access tier, Go to the folder, /var/log/banyan/.

Each access event is recorded on Netagent’s disk and contains the following information:

{“protocol”: “tcp”,
  “email”: “sam@banyansecurity.io”,
  “device_serial_number”: “J4H3C62G4T”,
  “service_tunnel_id”: “5a8eb945-472d-4a4c-978f-6baa0d6bcce1",
  “source_ip”: “10.167.0.2",
  “source_port”: 61007,
  “destination_ip”: “10.128.0.37”,
  “destination_port”: 22,
  “timestamp”: 1674258163559875300,
  “accesstier_name”: “xyz-service-discovery-test”}

Further Reading 

Service tunnel access logs https://docs.banyansecurity.io/docs/securing-networks/access-logs/