Type:
How-To
Question/Problem:
is there a way to get audit log results in CSV / JSON format?
Solution:
There are few ways to get event and audit logs from Teleport without having to access the backend storage table or the Teleport WebUI. Two recommended ways are discussed below:
1. Teleport API
The following API example can be used to obtain audit events:
1. Teleport API
The following API example can be used to obtain audit events:
package main
import (
"context"
"fmt"
"log"
"time"
"github.com/gravitational/teleport/api/client"
"github.com/gravitational/teleport/api/defaults"
"github.com/gravitational/teleport/api/types"
"github.com/gravitational/teleport/api/types/events"
)
func main() {
ctx := context.Background()
clt, err := client.New(ctx, client.Config{
Addrs: []string{
"proxy.example.com:443",
"proxy.example.com:3024",
},
Credentials: []client.Credentials{
client.LoadProfile("", ""),
},
})
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
defer clt.Close()
var (
events []events.AuditEvent
nextKey string
)
for {
events, nextKey, err = clt.SearchEvents(ctx, time.Time{}, time.Now(), defaults.Namespace, []string{}, 20, types.EventOrderDescending, "")
if err != nil {
panic(err)
}
fmt.Printf("%+v\n\n", events)
if nextKey == "" {
break
}
}
}
Note: For admins looking to pull out specific audit events types, such as user login events for example, the `[]string{}` parameter can be augmented in the API call with the event like so: `[]string{"user.login"}`.
For additional API-related information, please reference the Teleport API Guide.
2. FluentD Exporter
Detailed FluentD instructions and installation prerequisites can be found in the Teleport FluentD Guide.
Comments
0 comments
Article is closed for comments.