Skip to content

LastPass Password Manager

This guide outlines a method to forward logs from LastPass to a designated Syslog endpoint by utilizing the LastPass Reporting API and a custom script or third-party tool for log forwarding. Since LastPass does not directly support Syslog forwarding, this workaround enables integration with external logging systems.

Prerequisites

  • An active LastPass Enterprise or Business account with administrative access.
  • API access enabled for your LastPass account.
  • A server or environment where you can run scripts (e.g., Python, PowerShell) or deploy third-party tools.
  • The Syslog endpoint and port provided by the service (replace <SYSLOG_ENDPOINT> and <SYSLOG_PORT> with the actual values).

Step 1: Obtain LastPass API Credentials

  1. Contact LastPass Support to enable API access for your account, if not already done.
  2. Once API access is granted, generate your API credentials (client ID and secret) following LastPass's documentation or support guidance.

Step 2: Extract Logs from LastPass Using the API

  1. Write or Obtain a Script: Use a scripting language (e.g., Python) to write a script that utilizes the LastPass Reporting API to fetch log data. Alternatively, look for existing scripts or third-party tools that can perform this task.

    Here's a conceptual Python snippet for fetching logs:

    import requests

def fetch_lastpass_logs(client_id, client_secret):
    url = "https://lastpass.com/enterpriseapi.php"
    headers = {"Content-Type": "application/json"}
    payload = {
        "cid": client_id,
        "provhash": client_secret,
        "cmd": "reporting",
        "data": {
            "from": "2021-01-01",
            "to": "2021-01-31",
            "reporttype": "event"
        }
    }
    response = requests.post(url, json=payload, headers=headers)
    if response.status_code == 200:
        return response.json()
    else:
        return None

    Note: Replace the from and to values with your desired log fetch range.

  2. Schedule the Script: Depending on your operating system, use cron jobs (Linux) or Task Scheduler (Windows) to run the script at regular intervals.

Step 3: Forward Logs to Syslog

Extend the script from Step 2 to forward the fetched logs to your Syslog server. This can be done by sending logs over UDP or TCP to <SYSLOG_ENDPOINT> on port <SYSLOG_PORT>.

Here's a basic extension to the Python snippet, adding UDP forwarding:

import socket

def send_to_syslog(syslog_server, syslog_port, log_message):
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    syslog_message = "<14>{}".format(log_message).encode('utf-8')
    sock.sendto(syslog_message, (syslog_server, syslog_port))
    sock.close()

Step 4: Verify Log Forwarding