gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0

Document event codes and types. Produce JSON schemas for all events. #5044

Open travelton opened 3 years ago

travelton commented 3 years ago

Summary

When shipping Teleport Audit Events to an external log aggregation service, or SIEM platform, it would be helpful to have an inventory of all possible event codes and types.

We document a typical event schema here, but the event schema varies per event type. We should maintain JSON schemas for all events.

Here is a list of all possible event codes.

Audience

Teleport Admins

benarent commented 3 years ago

We should aim to auto-generate these docs. We should aim to do the same thing for Metrics and the CLI.

pschisa commented 3 years ago

Even just a link to the correct spot in the GitHub code under Admin Guide -> Audit Log would be useful to quickly make this information available.

russjones commented 3 years ago

Documenting all audit events and their description: https://github.com/gravitational/teleport/pull/8749.

ptgott commented 2 years ago

I have a draft PR that tests out one way to auto-generate the audit events reference. As klizhentas pointed out, though, we would need to use linting to ensure that all audit events can be documented this way.

travelton commented 2 years ago

@ptgott Awesome that we are making progress here! Long-running customer request. Looks like there is a PR to improve the verbiage/description of the event. Happy to help with this, tag me.

ptgott commented 2 years ago

👍 I've changed all my comments to suggestions in the PR and approved it to get it merged more quickly. I'll keep working on the audit event table auto-generation script to ensure the table remains up to date.