teleport - Managed Log Source #150
Comments
First attempt at log ingestion for teleport. It's a bit of a mess, but this has been running for a couple weeks on busy teleport servers with no schema or VRL errors. I break out as much as I can to ECS, but there's still a lot of teleport-specific content which I write to its own top level. Event categorisation is best-effort, I'm sure there's stuff I missed. Some gotchas:
Closed via #153
Mentioned in #17
Teleport is an access management system which emits a lot of different audit logs
https://goteleport.com/docs/reference/audit/
There doesn't appear to be One True Way to get these logs into AWS. For my purposes, I'm using vector to ship a local log file to firehose.
The log format is quite loosely defined and I've seen it emit events that are not documented, so it will be important to be strict as to what we keep to make sure it fits the schema, and to keep a copy of the original event in event.original in case they make changes and users need to parse out any changes.
Panther has teleport support https://docs.panther.com/data-onboarding/supported-logs/teleport
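The strict-keep approach described in the issue, as an added Python sketch (not the project's VRL transform and not code from this thread): only allowlisted, correctly typed fields reach the structured record, and the untouched line is kept in event.original. The field mapping, the `teleport.*` namespace and the sample line are assumptions made for illustration.

```python
import json

# Assumed allowlist: Teleport audit field -> ECS field (illustrative, not the project's schema).
ECS_MAP = {
    "event": "event.action",
    "code": "event.code",
    "uid": "event.id",
    "time": "@timestamp",
    "user": "user.name",
}
TELEPORT_KEEP = {"method", "cluster_name"}  # assumed vendor fields the schema declares


def set_path(doc, dotted, value):
    """Set a dotted path such as 'event.action' in a nested dict."""
    *parents, leaf = dotted.split(".")
    for key in parents:
        doc = doc.setdefault(key, {})
    doc[leaf] = value


def normalize(raw_line):
    """Map one raw Teleport JSON line to a schema-bound record.

    Returns (record, dropped). Unknown or mistyped keys are left out of the
    structured output but stay recoverable through event.original.
    """
    record = {}
    set_path(record, "event.original", raw_line)
    try:
        src = json.loads(raw_line)
    except json.JSONDecodeError:
        src = None
    if not isinstance(src, dict):
        # Unparseable input is flagged, never silently discarded.
        set_path(record, "event.kind", "pipeline_error")
        return record, []
    dropped = []
    for key, value in src.items():
        if key in ECS_MAP and isinstance(value, str):
            set_path(record, ECS_MAP[key], value)
        elif key in TELEPORT_KEEP and isinstance(value, str):
            set_path(record, "teleport." + key, value)
        elif key == "success" and isinstance(value, bool):
            set_path(record, "event.outcome", "success" if value else "failure")
        else:
            dropped.append(key)  # undocumented or mistyped: keep out of the schema
    return record, sorted(dropped)


# Constructed sample line; "new_field" stands in for an undocumented addition.
SAMPLE = '{"code":"T1000W","event":"user.login","method":"local","success":false,"time":"2024-01-01T00:00:00Z","uid":"constructed-uid","user":"alice","new_field":{"x":1}}'
```

Counting the `dropped` keys per event type over time shows when the upstream format has drifted and the allowlist needs review.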