gravitationallogs

package
v1.14.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 11, 2020 License: AGPL-3.0 Imports: 2 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func LogTypes added in v1.12.0

func LogTypes() logtypes.Group

LogTypes exports all available logtypes in this group

Types

type TeleportAudit

type TeleportAudit struct {
	// A (non-exhaustive) list of event types is:
	//
	//   * auth - Authentication attempt.
	//   * session.start - Started an interactive shell session.
	//   * session.end - An interactive shell session has ended.
	//   * session.join - A new user has joined the existing interactive shell session.
	//   * session.leave - A user has left the session.
	//   * session.disk - A list of files opened during the session. Requires Enhanced Session Recording.
	//   * session.network - A list of network connections made during the session. Requires Enhanced Session Recording.
	//   * session.data - A list of data transferred in a session
	//   * session.command - A list of commands ran during the session. Requires Enhanced Session Recording.
	//   * resize - Terminal has been resized.
	//   * user.create - A new user was created
	//   * user.login - A user logged into web UI or via tsh.
	//   * user.update - A user was updated
	//   * github.create - A user was created via github
	Event pantherlog.String `json:"event" validate:"required" description:"Event type"`
	Code  pantherlog.String `json:"code" validate:"required" description:"Event code"`
	Time  pantherlog.Time   `json:"time" tcodec:"rfc3339" validate:"required" event_time:"true" description:"Event timestamp"`
	UID   pantherlog.String `json:"uid" validate:"required" description:"Event unique id"`

	User      pantherlog.String `json:"user" description:"Teleport user name (event type is 'user.login')"`
	Namespace pantherlog.String `json:"namespace" description:"Server namespace. This field is reserved for future use."`
	ServerID  pantherlog.String `json:"server_id" description:"Unique server ID."`
	SessionID pantherlog.String `json:"sid" panther:"trace_id" description:"Session ID. Can be used to replay the session."`
	EventID   pantherlog.Int32  `json:"ei" description:"Event numeric id"`

	Login         pantherlog.String `json:"login" description:"OS login"`
	AddressLocal  pantherlog.String `json:"addr.local" panther:"net_addr" description:"Address of the SSH node"`
	AddressRemote pantherlog.String `json:"addr.remote" panther:"net_addr" description:"Address of the connecting client (user)"`
	TerminalSize  pantherlog.String `json:"size" description:"Size of terminal"`

	// auth event type fields
	Success pantherlog.Bool   `json:"success" description:"Authentication success (if event type is 'auth')"`
	Error   pantherlog.String `json:"error" description:"Authentication error (event type is 'auth')"`

	// exec event type fields
	Command   pantherlog.String `json:"command" description:"Command that was executed (event type is 'exec')"`
	ExitCode  pantherlog.Int32  `json:"exitCode" description:"Exit code of the command (event type is 'exec')"`
	ExitError pantherlog.String `json:"exitError" description:"Exit error of the command (event type is 'exec')"`

	// session.command type fields
	PID        pantherlog.Int64  `json:"pid" description:"Process id of command"`
	ParentPID  pantherlog.Int64  `json:"ppid" description:"Process id of the parent process"`
	CGroupID   pantherlog.Int64  `json:"cgroup_id" description:"Control group id"`
	ReturnCode pantherlog.Int32  `json:"return_code" description:"Return code of the command"`
	Program    pantherlog.String `json:"program" description:"Name of the command"`
	ArgV       []string          `json:"argv" description:"Arguments passed to command"`

	// scp event type fields
	Path   pantherlog.String `json:"path" description:"Executable path or SCP action target file path (scp, session.command)"`
	Len    pantherlog.Int64  `json:"len" description:"SCP target file size (scp)"`
	Action pantherlog.String `json:"action" description:"SCP action (scp)"`

	// user.login event type fields
	Method     pantherlog.String      `json:"method" description:"Login method used (user.login)"`
	Attributes *pantherlog.RawMessage `json:"attributes" description:"User login attributes (user.login)"`

	// user.create event type fields
	Roles     []string          `json:"roles" description:"Roles for the new user (user.create)"`
	Connector pantherlog.String `json:"connector" description:"Connector that created the user (user.create)"`
	Expires   pantherlog.Time   `json:"expires" tcodec:"rfc3339" description:"Expiration date "`

	// user.create, user.update, github.create
	Name pantherlog.String `json:"name" description:"Name of user or service (github.created, user.create, user.update)"`

	// session.data
	BytesSent     pantherlog.Int64 `json:"tx" description:"Number of bytes sent"`
	BytesReceived pantherlog.Int64 `json:"rx" description:"Number of bytes received"`

	// session.start
	ServerLabels   map[string]string `json:"server_labels" description:"Server labels"`
	ServerHostname pantherlog.String `json:"server_hostname" panther:"hostname" description:"Server hostname"`
	ServerAddress  pantherlog.String `json:"server_addr" panther:"net_addr" description:"Server hostname"`

	// session.end
	SessionStart      pantherlog.Time `json:"session_start" tcodec:"rfc3339" description:"Timestamp of session start"`
	SessionStop       pantherlog.Time `json:"session_stop" tcodec:"rfc3339" description:"Timestamp of session end"`
	Interactive       pantherlog.Bool `json:"interactive" description:"Whether the session was interactive"`
	EnhancedRecording pantherlog.Bool `json:"enhanced_recording" description:"Whether enhanced recording is enabled"`
	Participants      []string        `json:"participants" description:"Users that participated in the session"`

	// session.network
	DestinationAddress pantherlog.String `json:"dst_addr" panther:"ip" description:"Destination IP address"`
	SourceAddress      pantherlog.String `json:"src_addr" panther:"ip" description:"Source IP address"`
	DestinationPort    pantherlog.Uint16 `json:"dst_port" description:"Destination port"`
	Version            pantherlog.Int32  `json:"version" description:"Event version"`
}

TeleportAudit is a log event in a Teleport audit log file. NOTE: Each event type has a different mix of fields. nolint:lll,maligned

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL