search

gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0
17.63k stars 1.76k forks source link

Application audit events not emitted on Postgres backend #46207

Open bl-nero opened 2 months ago

bl-nero commented 2 months ago

Expected behavior: Application audit events should be emitted when a session is created.

Current behavior: If the cluster is configured with Postgres audit event backend, the app session is not generated because of an UUID parsing error. The most likely culprit is pgevents.Log.EmitAuditEvent, which attempts to parse event's session ID as an UUID, while server.CreateAppSessionFromReq sets it to a session name, which is generated as a random 64-character hex string.

Bug details:

bl-nero commented 2 months ago

Related: https://github.com/gravitational/teleport/issues/40589

webvictim commented 2 months ago

Possibly related? https://github.com/gravitational/teleport/pull/45576