In each of our Twistlock releases, we publish some truly remarkable features to improve our key platform pillars.

In the latest release, we added cool capabilities like our Cloud Native Application Firewall enhancements, serverless security features, and the awesomely-good-looking image vulnerabilities by layer feature.

Then there are things which, whilst important, are just dull — like audit. No one likes audit. Even people working in audit don’t like audit. It’s the frayed, grey cardigan of the IT world. Yes, audit is important. Yes, it’s a fundamental part of IT security. Yes, I’d rather be watching paint dry.

However, I am a professional (which probably comes as a shock to most of you reading), I will not be placed in the blog writing equivalent of the boredom room! Twistlock isn’t getting rid of me that easily. I will not be cowed into writing a sensible post!

So, join me friends and come with me on a voyage of discovery, of dashing daring-do and, perhaps, romance!

Syslog data at your fingertips

In addition to our integrations with Jira, Slack or even sending emails to people about alerts, syslog remains the core integration with our customers’ centralised logging, SIEM tooling, and alerting software. Syslog is time served – it’s robust, people already have the mechanisms in place etc.

From the beginning we have seen this benefit and log direct to syslog. We do so in a standard format and by connecting to the syslog socket /dev/log.

In our 2.3 release we have made it easier to setup – you can now do so directly in Console. In addition, you can setup verbose logging to capture all vulnerability and compliance issues, as well as all process information.

(That was the voyage of discovery)

Feature overview

Twistlock always made this data available via our extensive API, but customers asked for the data to go to syslog. So, now it can go to syslog! Every product release is driven by our customers, and this addition is a great feature request we’re proud to add.

Above, you can see the syslog configuration tab. Now, users can look at our documentation for the syslog patterns for each event that comes from a Defender:

  1. Container runtime audit
  2. Access audit
  3. Application firewall
  4. Network firewall
  5. Process audit

Twistlock also includes each event from Console:

  1. Container scan
  2. Image scan
  3. Host scan
  4. Registry scan
  5. Compliance Issue
  6. Vulnerability Issue

You can have that alerting, logging, SIEM integration, etc. routed appropriately!


Even though this post is a little cavalier, logging is an essential part of any security solution. With our standardised output and clear documentation it’s a simple process to put in place a robust solution for your environment.

Already got Twistlock? Then give our world-class support a shout ( and they’ll be happy to walk you through it. Interested in seeing a demo or trying out the market leading cloud native security software? Ping me or visit:

← Back to All Posts Next Post →