Jenkins CI/CD Integration

Overview

Jenkins is a widely used open-source CI/CD automation server. KYRA MDR collects Jenkins audit logs for monitoring build pipelines and detecting supply chain threats. Supports Jenkins 2.x with the Audit Trail plugin.

Prerequisites

• A KYRA MDR Collector installed and running
• Jenkins server with administrative access
• Audit Trail plugin installed on Jenkins
• Network connectivity from Jenkins to the collector on port 514

Configuration

Configure Jenkins Audit Trail plugin:

1. Install the Audit Trail plugin from Manage Jenkins > Plugins
2. Configure under Manage Jenkins > System > Audit Trail
3. Add a Syslog Server logger:

Setting	Value
Syslog Server	Your KYRA Collector IP
Port	514
Facility	LOCAL0
Message Format	RFC 5424

4. Click Save

Alternative: Logback Syslog Appender

If you prefer to forward Jenkins logs directly via logback (without the Audit Trail plugin), create or edit the logback configuration:

<!-- $JENKINS_HOME/logback.xml -->
<configuration>
  <appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
    <syslogHost>COLLECTOR_IP</syslogHost>
    <port>514</port>
    <facility>LOCAL0</facility>
    <suffixPattern>[%thread] %-5level %logger{36} - %msg</suffixPattern>
  </appender>

  <root level="INFO">
    <appender-ref ref="SYSLOG" />
  </root>
</configuration>

Alternative: rsyslog File Monitoring

Forward Jenkins log files using rsyslog imfile module on the Jenkins server:

/etc/rsyslog.d/61-jenkins.conf

module(load="imfile" PollingInterval="5")

input(type="imfile"
  File="/var/log/jenkins/jenkins.log"
  Tag="jenkins:"
  Severity="info"
  Facility="local0"
  StateFile="jenkins-log-state"
)

local0.* @@<COLLECTOR_IP>:514

# Restart rsyslog after adding the config
sudo systemctl restart rsyslog

Jenkins API: Retrieve Build Information

# Get recent builds for a job
curl -s -u "admin:API_TOKEN" \
  "https://jenkins.example.com/job/my-pipeline/api/json?tree=builds[number,result,timestamp,duration]" \
  | jq '.builds[:5]'

# Get the build log for a specific build
curl -s -u "admin:API_TOKEN" \
  "https://jenkins.example.com/job/my-pipeline/42/consoleText"

# List all jobs
curl -s -u "admin:API_TOKEN" \
  "https://jenkins.example.com/api/json?tree=jobs[name,color]" | jq .

Collected Log Types

Log Type	Description	Security Use
Build	Build start, success, failure events	Pipeline monitoring
Authentication	User login and logout events	Access monitoring
Configuration	Job and system config changes	Change management
Credentials	Credential access and modification	Secret management
Plugins	Plugin install, update, removal	Supply chain monitoring
Nodes	Agent connect and disconnect events	Infrastructure monitoring

Troubleshooting

No audit events: Verify the Audit Trail plugin is installed and a syslog logger is configured.

Missing build events: The plugin logs management actions by default. Use Pipeline webhooks for build events.

Credential exposure: Jenkins masks secrets in build output. KYRA MDR monitors credential IDs only.

Contact kyra@seekerslab.com for support.