You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When viewing audit logs for instance join failures, the logs should include source address information to determine where the join attempts are originating from. In a scenario where an unknown script or process is the offending client, these log messages should have some information about the remote IP, or any other identifying information. Without that, these logs aren't actionable and can be excessively noisy.
Current behavior:
The audit logs flood with "Instance Join Failed" messages without providing any helpful information such as the source address of the attempt. This makes it challenging to diagnose issues or identify the origin of failed join attempts.
The lack of source address information in "Instance Join Failed" messages impedes troubleshooting efforts for Teleport administrators. It is valuable to include such details to facilitate better incident analysis and response.
The text was updated successfully, but these errors were encountered:
Expected behavior:
When viewing audit logs for instance join failures, the logs should include source address information to determine where the join attempts are originating from. In a scenario where an unknown script or process is the offending client, these log messages should have some information about the remote IP, or any other identifying information. Without that, these logs aren't actionable and can be excessively noisy.
Current behavior:
The audit logs flood with "Instance Join Failed" messages without providing any helpful information such as the source address of the attempt. This makes it challenging to diagnose issues or identify the origin of failed join attempts.
This audit event was introduced in #40329 / v15.2.4
Bug details:
The lack of source address information in "Instance Join Failed" messages impedes troubleshooting efforts for Teleport administrators. It is valuable to include such details to facilitate better incident analysis and response.
The text was updated successfully, but these errors were encountered: