Skip to main content
Version: 19.x (unreleased)

Step 4 - Monitor Audit Logs

Report an issue with this page

Teleport logs cluster activity by emitting various events into its audit log.

This can be viewed in the Teleport Web UI by clicking on Audit > Audit Log in the left sidebar.

Here you'll see events like successful logins along with metadata such as event type, remote IP address, timestamp, and the identity involved. Click on Details to see the complete event information in JSON format.

View your SSH session recording

In addition to recording structured events in its audit log, Teleport can also capture full session recordings for SSH, desktop, or Kubernetes shell sessions.

Remember when you connected to your Ubuntu server via SSH in Step 2? That entire session was recorded.

To view the recording:

  1. Click on Audit > Session Recordings in the left sidebar
  2. Find your recent SSH session to your Ubuntu server
  3. Click the Play button to watch a full playback of everything you typed and the server's responses

This is especially useful for security audits, compliance requirements, and troubleshooting.

For a more in-depth look at how Teleport's audit system works, including event types and descriptions, storage options, and exporting events, see our Audit Events and Records guide.

What's next?

You've now explored the core steps of getting started with Teleport. However, this is only skimming the surface of what Teleport has to offer.

Enroll other resource types

In this guide, you enrolled an Ubuntu Linux server. Teleport supports many other resource types that you can enroll using similar workflows:

ApplicationsLinux ServersDatabasesKubernetes ClustersWindows DesktopsAuto-Discovery of ResourcesCloud ProvidersMCP and AI Agents

Explore additional features

You can use the search above to locate content that best fits your specific situation or scroll through our many product use cases listed on our documentation homepage.

Here are a few places to start: