Type:
How-To
Question/Problem:
is there a way to get audit log results in CSV / JSON format?
Solution:
There are few ways to get event and audit logs from Teleport without having to access the backend storage table or the Teleport WebUI. Two recommended ways are discussed below:
1. Teleport API
The following API example can be used to obtain audit events:
1. Teleport API
The following API example can be used to obtain audit events:
package main import ( "context" "fmt" "log" "time" "github.com/gravitational/teleport/api/client" "github.com/gravitational/teleport/api/defaults" "github.com/gravitational/teleport/api/types" "github.com/gravitational/teleport/api/types/events" ) func main() { ctx := context.Background() clt, err := client.New(ctx, client.Config{ Addrs: []string{ "proxy.example.com:443", "proxy.example.com:3024", }, Credentials: []client.Credentials{ client.LoadProfile("", ""), }, }) if err != nil { log.Fatalf("failed to create client: %v", err) } defer clt.Close() var ( events []events.AuditEvent nextKey string ) for { events, nextKey, err = clt.SearchEvents(ctx, time.Time{}, time.Now(), defaults.Namespace, []string{}, 20, types.EventOrderDescending, "") if err != nil { panic(err) } fmt.Printf("%+v\n\n", events) if nextKey == "" { break } } }
Note: For admins looking to pull out specific audit events types, such as user login events for example, the `[]string{}` parameter can be augmented in the API call with the event like so: `[]string{"user.login"}`.
For additional API-related information, please reference the Teleport API Guide.
2. FluentD Exporter
Detailed FluentD instructions and installation prerequisites can be found in the Teleport FluentD Guide.
Comments
0 comments
Article is closed for comments.