本文にスキップ
KYRA MDR KYRA MDR Docs

Jenkins CI/CD Integration

Overview

Jenkins is a widely used open-source CI/CD automation server. KYRA MDR collects Jenkins audit logs for monitoring build pipelines and detecting supply chain threats. Supports Jenkins 2.x with the Audit Trail plugin.

Prerequisites

  • A KYRA MDR Collector installed and running
  • Jenkins server with administrative access
  • Audit Trail plugin installed on Jenkins
  • Network connectivity from Jenkins to the collector on port 514

Configuration

Configure Jenkins Audit Trail plugin:

  1. Install the Audit Trail plugin from Manage Jenkins > Plugins
  2. Configure under Manage Jenkins > System > Audit Trail
  3. Add a Syslog Server logger:
SettingValue
Syslog ServerYour KYRA Collector IP
Port514
FacilityLOCAL0
Message FormatRFC 5424
  1. Click Save

Alternative: Logback Syslog Appender

If you prefer to forward Jenkins logs directly via logback (without the Audit Trail plugin), create or edit the logback configuration:

<!-- $JENKINS_HOME/logback.xml -->
<configuration>
  <appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
    <syslogHost>COLLECTOR_IP</syslogHost>
    <port>514</port>
    <facility>LOCAL0</facility>
    <suffixPattern>[%thread] %-5level %logger{36} - %msg</suffixPattern>
  </appender>


  <root level="INFO">
    <appender-ref ref="SYSLOG" />
  </root>
</configuration>

Alternative: rsyslog File Monitoring

Forward Jenkins log files using rsyslog imfile module on the Jenkins server:

/etc/rsyslog.d/61-jenkins.conf
module(load="imfile" PollingInterval="5")


input(type="imfile"
  File="/var/log/jenkins/jenkins.log"
  Tag="jenkins:"
  Severity="info"
  Facility="local0"
  StateFile="jenkins-log-state"
)


local0.* @@<COLLECTOR_IP>:514
Terminal window
# Restart rsyslog after adding the config
sudo systemctl restart rsyslog

Jenkins API: Retrieve Build Information

Terminal window
# Get recent builds for a job
curl -s -u "admin:API_TOKEN" \
  "https://jenkins.example.com/job/my-pipeline/api/json?tree=builds[number,result,timestamp,duration]" \
  | jq '.builds[:5]'


# Get the build log for a specific build
curl -s -u "admin:API_TOKEN" \
  "https://jenkins.example.com/job/my-pipeline/42/consoleText"


# List all jobs
curl -s -u "admin:API_TOKEN" \
  "https://jenkins.example.com/api/json?tree=jobs[name,color]" | jq .

Collected Log Types

Log TypeDescriptionSecurity Use
BuildBuild start, success, failure eventsPipeline monitoring
AuthenticationUser login and logout eventsAccess monitoring
ConfigurationJob and system config changesChange management
CredentialsCredential access and modificationSecret management
PluginsPlugin install, update, removalSupply chain monitoring
NodesAgent connect and disconnect eventsInfrastructure monitoring

Troubleshooting

No audit events: Verify the Audit Trail plugin is installed and a syslog logger is configured.

Missing build events: The plugin logs management actions by default. Use Pipeline webhooks for build events.

Credential exposure: Jenkins masks secrets in build output. KYRA MDR monitors credential IDs only.

Contact kyra@seekerslab.com for support.