Home Admin Help Center

Track team activity for your professional plan with Datadog

For admins only For all plans

Track team activity for your professional plan with Datadog

Printer icon
Updated

Datadog integration is available for admins of organizations using Password Management or Credential Protection.

With a Datadog integration, you can track how your team members use Dashlane. When you set up a Datadog integration for your team, we send your Dashlane Activity Logs automatically to Datadog

Datadog is a security information and event management (SIEM) tool that allows you to monitor team activity in real time. You can search and filter events like added devices, login sharing, and invitations to your Dashlane plan. You can also set up alerts for specific events, like when someone shares a login across teams or with someone outside the organization.

Process overview

This guide explains how to forward Dashlane Audit Logs → Datadog Logs from Windows or macOS using:

  • Dashlane CLI key (Read-only activity logs)
  • Dashlane audit-logs Docker image
  • Fluent Bit for log forwarding
  • Datadog’s Logs HTTP intake endpoint

Prerequisites

Dashlane

Datadog

  • Datadog account with API access
  • Ability to create and view API keys
  • Access to the Logs product

Set up Datadog integration

Select your device's environment

Windows

Recommended setup

  • Windows 10 or later
  • Docker Desktop installed and running
  • PowerShell available

1. Get your Datadog API key & intake host

1.1 Get Datadog API key

  1. Log in to Datadog:

    https://app.datadoghq.com/

  2. Go to: Organization SettingsAPI Keys

  3. Copy an existing key OR create a new one

    • Select New Key, give it a name like Dashlane logs, and select Create Key

  4. Copy the API key, which will look like this: d08f46b9300e4aa5e6ac3b5a2ef11a71

You’ll use this as DATADOG_API_KEY.

1.2 Determine Datadog Logs Intake Host

Match your Datadog site to the correct Logs intake host:

Datadog Site

 Logs Intake Host
app.datadoghq.com (US1) http-intake.logs.datadoghq.com
us3.datadoghq.com http-intake.logs.us3.datadoghq.com
us5.datadoghq.com http-intake.logs.us5.datadoghq.com
app.datadoghq.eu (EU) http-intake.logs.datadoghq.eu

You’ll use this as the Host in fluent-bit.conf.

2. Generate Dashlane CLI key

In Dashlane Admin Console:

  1. Log in to the Dashlane browser extension and open the Admin Console
  2. Select Settings and then Developer Access
  3. After this, select Create CLI Key
  4. Name: Datadog Logs Integration
  5. Scope: Read-only activity logs
  6. Select the expiration date

  7. Select Generate key

  8. Copy the key, which starts with DASH_EDWSA_

Store the CLI key securely.

3. Install the Docker Desktop

Install Docker Desktop

Verify installation: docker version

4. Create a working directory in PowerShell

mkdir C:\DashlaneDatadog cd C:\DashlaneDatadog

5. Create fluent bit configuration (Datadog output)

Run this in PowerShell, updating the Host line before running:

@'

[INPUT]

Name stdin

Tag dashlane

[OUTPUT]

Name datadog

Match *

Host http-intake.logs.us5.datadoghq.com

TLS on

compress gzip

apikey ${DATADOG_API_KEY}

dd_service dashlane-audit-logs

dd_source dashlane

dd_tags env:production,team:security

'@ | Set-Content -Path .\fluent-bit.conf

Update before running:

Change the Host line to match your Datadog region:

Host http-intake.logs.datadoghq.com #US1

Host http-intake.logs.us3.datadoghq.com #US3

Host http-intake.logs.us5.datadoghq.com #US5

Host http-intake.logs.datadoghq.eu #EU

6. Pull Dashlane activity logs Docker image

Run in PowerShell:

docker pull dashlane/audit-logs:2

7. Run the Dashlane → Datadog Container

Replace the placeholders with your actual values, then run this in PowerShell:

docker run -d `
  --restart unless-stopped `
  --platform linux/amd64 `
  --name dashlane-datadog `
  -e
DASHLANE_ENROLLED_TEAM_DEVICE_KEYS="DASH_EDWSA_XXXXXXXXXXXXXXXX..." `
  -e DATADOG_API_KEY="YOUR_DATADOG_API_KEY_HERE" `
  -e DASHLANE_CLI_FLUENTBIT_CONF=/fluent-bit.conf `
  -v "$(pwd)/fluent-bit.conf:/fluent-bit.conf:ro" `
  dashlane/audit-logs:2

Replace:

  • DASH_EDWSA_XXXXXXXXXXXXXXXX... with your Dashlane CLI key from Section 2
  • YOUR_DATADOG_API_KEY_HERE with your Datadog API key from Section 1

Optional: The default is 60 seconds, so you can customize the polling interval by adding: -e DASHLANE_CLI_RUN_DELAY=300 to the docker run command. This will change the interval to 5 minutes.

8. Verify logging

Check container:
docker ps 

Logs:
docker logs dashlane-datadog --tail 50

Verify in Datadog:

Go to Logs and then Search:
service:dashlane-audit-logs or source:dashlane

Expect:

  • audit events flowing
  • service:dashlane-audit-logs
  • tags visible

macOS

Recommended setup

  • macOS 12 or later
  • Docker Desktop installed and running
  • Terminal access

1. Get your Datadog API key & intake host

1.1 Get Datadog API key

  1. Log in to Datadog:

    https://app.datadoghq.com/

  2. Go to: Organization SettingsAPI Keys

  3. Copy an existing key OR create a new one

    • Select New Key, give it a name like Dashlane logs, and select Create Key

  4. Copy the API key, which will look like this: d08f46b9300e4aa5e6ac3b5a2ef11a71

You’ll use this as DATADOG_API_KEY.

1.2 Determine Datadog Logs Intake Host

Match your Datadog site to the correct Logs intake host:

Datadog Site

 Logs Intake Host
app.datadoghq.com (US1) http-intake.logs.datadoghq.com
us3.datadoghq.com http-intake.logs.us3.datadoghq.com
us5.datadoghq.com http-intake.logs.us5.datadoghq.com
app.datadoghq.eu (EU) http-intake.logs.datadoghq.eu

You’ll use this as the Host in fluent-bit.conf.

2. Generate Dashlane CLI key

In Dashlane Admin Console:

  1. Log in to the Dashlane browser extension and open the Admin Console
  2. Select Settings and then Developer Access
  3. After this, select Create CLI Key
  4. Name: Datadog Logs Integration
  5. Scope: Read-only activity logs
  6. Select the expiration date

  7. Select Generate key

  8. Copy the key, which starts with DASH_EDWSA_

Store the CLI key securely.

3. Install the Docker Desktop

Install Docker Desktop

Verify installation: docker version

4. Create a working directory in Terminal

mkdir C:\DashlaneDatadog cd C:\DashlaneDatadog

5. Create fluent bit configuration (Datadog output)

Run this in PowerShell, updating the Host line before running:

cat > fluent-bit.conf << 'eof'

[INPUT]

Name stdin

Tag dashlane

[OUTPUT]

Name datadog

Match *

Host http-intake.logs.us5.datadoghq.com

TLS on

compress gzip

apikey ${DATADOG_API_KEY}

dd_service dashlane-audit-logs

dd_source dashlane

dd_tags env:production,team:security

EOF

Update before running:

Change the Host line to match your Datadog region:

Host http-intake.logs.datadoghq.com #US1

Host http-intake.logs.us3.datadoghq.com #US3

Host http-intake.logs.us5.datadoghq.com #US5

Host http-intake.logs.datadoghq.eu #EU

6. Pull Dashlane activity logs Docker image

Run in Terminal:

docker pull dashlane/audit-logs:2

7. Run the Dashlane → Datadog Container

Replace the placeholders with your actual values, then run this in Terminal:

docker run -d `
  --restart unless-stopped `
  --platform linux/amd64 `
  --name dashlane-datadog `
  -e
DASHLANE_ENROLLED_TEAM_DEVICE_KEYS="DASH_EDWSA_XXXXXXXXXXXXXXXX..." `
  -e DATADOG_API_KEY="YOUR_DATADOG_API_KEY_HERE" `
  -e DASHLANE_CLI_FLUENTBIT_CONF=/fluent-bit.conf `
  -v "$(pwd)/fluent-bit.conf:/fluent-bit.conf:ro" `
  dashlane/audit-logs:2

Replace:

  • DASH_EDWSA_XXXXXXXXXXXXXXXX... with your Dashlane CLI key from Section 2
  • YOUR_DATADOG_API_KEY_HERE with your Datadog API key from Section 1

Optional: The default is 60 seconds, so you can customize the polling interval by adding: -e DASHLANE_CLI_RUN_DELAY=300 to the docker run command. This will change the interval to 5 minutes.

8. Verify logging

Check container:
docker ps

Logs:
docker logs dashlane-datadog --tail 50

Verify in Datadog:

Go to Logs and then Search:
service:dashlane-audit-logs or source:dashlane

Expect:

  • audit events flowing
  • service:dashlane-audit-logs
  • tags visible
Powered by Zendesk