Fork me on GitHub
Teleport

Database Access Audit Events Reference

Database Access Audit Events Reference

db.session.start (TDB00I/W)

Emitted when a client successfully connects to a database, or when a connection attempt fails due to access denied.

Successful connection event:

{
  "cluster_name": "root", // Teleport cluster name.
  "code": "TDB00I", // Event code.
  "db_name": "test", // Database/schema name.
  "db_protocol": "postgres", // Database protocol.
  "db_service": "local", // Database service name.
  "db_uri": "localhost:5432", // Database server endpoint.
  "db_user": "postgres", // Database account name.
  "ei": 0, // Event index within the session.
  "event": "db.session.start", // Event name.
  "namespace": "default", // Event namespace, always "default".
  "server_id": "05ff66c9-a948-42f4-af0e-a1b6ba62561e", // Database service agent host ID.
  "sid": "63b6fa11-cd44-477b-911a-602b75ab13b5", // Unique database session ID.
  "success": true, // Indicates successful connection.
  "time": "2021-04-27T23:00:26.014Z", // Event timestamp.
  "uid": "eac5b6c8-384a-4471-9559-e135834b1ab0", // Unique event ID.
  "user": "alice" // Teleport user name.
}

Access denied event:

{
  "cluster_name": "root", // Teleport cluster name.
  "code": "TDB00W", // Event code.
  "db_name": "test", // Database/schema name user attempted to connect to.
  "db_protocol": "postgres", // Database protocol.
  "db_service": "local", // Database service name.
  "db_uri": "localhost:5432", // Database server endpoint.
  "db_user": "superuser", // Database account name user attempted to connect as.
  "ei": 0, // Event index within the session.
  "error": "access to database denied", // Connection error.
  "event": "db.session.start", // Event name.
  "message": "access to database denied", // Detailed error message.
  "namespace": "default", // Event namespace, always "default".
  "server_id": "05ff66c9-a948-42f4-af0e-a1b6ba62561e", // Database service agent host ID.
  "sid": "d18388e5-cc7c-4624-b22b-d36db60d0c50", // Unique database session ID.
  "success": false, // Indicates unsuccessful connection.
  "time": "2021-04-27T23:03:05.226Z", // Event timestamp.
  "uid": "507fe008-99a4-4247-8603-6ba03408d047", // Unique event ID.
  "user": "alice" // Teleport user name.
}

db.session.end (TDB01I)

Emitted when a client disconnects from the database.

{
  "cluster_name": "root", // Teleport cluster name.
  "code": "TDB01I", // Event code.
  "db_name": "test", // Database/schema name.
  "db_protocol": "postgres", // Database protocol.
  "db_service": "local", // Database service name.
  "db_uri": "localhost:5432", // Database server endpoint.
  "db_user": "postgres", // Database account name.
  "ei": 3, // Event index within the session.
  "event": "db.session.end", // Event name.
  "sid": "63b6fa11-cd44-477b-911a-602b75ab13b5", // Unique database session ID.
  "time": "2021-04-27T23:00:30.046Z", // Event timestamp.
  "uid": "a626b22d-bbd0-40ef-9896-b7ff365664b0", // Unique event ID.
  "user": "alice" // Teleport user name.
}

db.session.query (TDB02I)

Emitted when a client executes a SQL query.

{
  "cluster_name": "root", // Teleport cluster name.
  "code": "TDB02I", // Event code.
  "db_name": "test", // Database/schema name.
  "db_protocol": "postgres", // Database protocol.
  "db_query": "INSERT INTO public.test (id,\"timestamp\",json)\n\tVALUES ($1,$2,$3)", // Query text.
  "db_query_parameters": [ // Query parameters (for prepared statements).
    "test-id",
    "2022-04-02 17:50:20-07",
    "{\"k\": \"v\"}"
  ],
  "db_service": "local", // Database service name.
  "db_uri": "localhost:5432", // Database server endpoint.
  "db_user": "postgres", // Database account name.
  "ei": 29, // Event index within the session.
  "event": "db.session.query", // Event name.
  "sid": "691e6f70-3c31-4412-90aa-fe0558abb212", // Unique database session ID.
  "time": "2021-04-27T23:04:57.395Z", // Event timestamp.
  "uid": "9f7b4179-b9cf-4302-bb7c-1408e404823f", // Unique event ID.
  "user": "alice" // Teleport user name.
}
Have a suggestion or can’t find something?
IMPROVE THE DOCS