How to track SWIS connections established via API?

We have several users who run automation scripts that use the PowerShell API to connect to the SolarWinds Information Service (SWIS). We would like to report on these connections (when they occur, what credentials they use). However, API connections to SWIS are not logged. Is there a way to enable logging of API connections to SWIS?

SolarWinds support was no help - they disclaim any responsibility for anything that uses the API or the SDK.

Thanks for any insight or assistance!

Parents Reply
  • Completely spit balling here.

    So, if I'm remembering correctly the API communicates over the SWIS ports (17774, 17777, 17778).

    If you have a load balancer or a reverse-proxy in front of your server, you could view logs for any connections to those ports.  Maybe even ship those logs off to something else (like SolarWinds Observability, Papertrail, Loggly, Kiwi Syslog, a flat file).

    Am I overthinking this? 100%.  Will that stop me?