
How to Forward Cado System and Processing Logs to SIEMs

Log Location

Cado logs live under /var/logs/cado. A forwarding agent (e.g. Splunk Universal Forwarder) can be installed to forward logs from this location.

CloudWatch in AWS

If the platform has the necessary IAM and network permissions to send logs to CloudWatch, both application and operating system logs are forwarded to the following log group and log stream:

"log_group_name": "/var/logs/cado",
"log_stream_name": "cado-logs-all"
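
Because forwarding depends on those IAM and network permissions, it is worth checking that events are actually arriving in the stream. The following is an added example, not part of Cado's documentation or tooling: it uses the AWS CLI `describe-log-streams` call with the log group and stream names from this page, and the function names and the two-hour threshold are assumptions.

```shell
#!/bin/sh
# Added example (not Cado code): staleness check for the CloudWatch stream
# named on this page. Requires the AWS CLI and logs:DescribeLogStreams.

LOG_GROUP="/var/logs/cado"      # log_group_name from the page
LOG_STREAM="cado-logs-all"      # log_stream_name from the page
# Assumed alert threshold, not a Cado default. CloudWatch updates
# lastIngestionTime with eventual consistency, so keep this generous.
MAX_AGE_SECONDS="${MAX_AGE_SECONDS:-7200}"

# Prints the stream's lastIngestionTime (epoch milliseconds),
# or "None" when the stream does not exist.
cado_last_ingestion_ms() {
    aws logs describe-log-streams \
        --log-group-name "$LOG_GROUP" \
        --log-stream-name-prefix "$LOG_STREAM" \
        --query "logStreams[?logStreamName=='$LOG_STREAM'] | [0].lastIngestionTime" \
        --output text
}

# Exit status: 0 = events arrived recently
#              1 = stream exists but is stale
#              2 = stream missing or the API call failed (for example,
#                  missing IAM permission or no network path)
# Optional $1 overrides "now" in epoch seconds, for testing.
cado_forwarding_status() {
    now_s="${1:-$(date +%s)}"
    last_ms="$(cado_last_ingestion_ms 2>/dev/null)" || return 2
    case "$last_ms" in
        ''|None|*[!0-9]*) return 2 ;;   # empty, absent, or not a number
    esac
    age_s=$(( now_s - last_ms / 1000 ))
    [ "$age_s" -le "$MAX_AGE_SECONDS" ] && return 0
    return 1
}

# Usage from cron or a monitoring wrapper:
#   cado_forwarding_status || echo "Cado CloudWatch forwarding check failed: $?"
```

Run the check from a host other than the Cado instance, so that a broken instance role or network path does not also hide the alert.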

Forwarding full Cado analysis output to CloudWatch

If SIEM forwarding is enabled (Settings > SIEM), all output is also forwarded to CloudWatch so long as the agent has access to CloudWatch.