Exporting Teleport Audit Events
The Teleport Auth Service emits audit logs when users and services interact with your cluster.
You can use Teleport's Event Handler plugin to export audit events from Teleport so you can store them in a log management platform or custom backend.
If you are new to exporting audit events with Teleport, read Forwarding Events with Fluentd to learn the basics of how our Event Handler plugin works. While this guide focuses on Fluentd, the Event Handler plugin can export audit events to any endpoint that ingests JSON messages via HTTP.
Next, read our guides to setting up the Event Handler plugin to export audit events to your solution of choice:
- Monitor Teleport Audit Events with the Elastic Stack: How to configure the Event Handler plugin to forward Teleport audit logs to Logstash for ingestion in Elasticsearch so you can explore them in Kibana.
- Monitor Teleport Audit Events with Splunk: How to configure the Event Handler plugin to send logs to Splunk's Universal Forwarder so you can explore your audit events in Splunk.