Manually reading logfiles

Hi there,

We are taking filesystem snapshots of our teleport server; in the event one of the servers fails, I wanted to understand how to actually read the logfiles without teleport.

It appears that inside /var/lib/teleport, there’s a directory called “log” that contains text information of all recorded sessions. There’s also another directory inside “log” named after the UUID of the started server; this directory contains a bunch of gzipped and index files that I assume are the actual recorded sessions.

Is there a way to view these sessions without starting teleport itself? Or, if I do have to start teleport, is there a way of easily doing so with a UUID so that it will automatically attach to these log files and read them?

Thanks so much for creating this awesome software!

Hi - there isn’t currently a ‘native’ way to do this. There’s an outstanding GIthub issue tracking a request for this functionality here - https://github.com/gravitational/teleport/issues/1580

It is possible to look through the contents of the files using tools like zcat and zgrep - the ‘events’ files hold a copy of the audit log associated with the session along with timestamps for text entry and so forth, while the ‘chunks’ files hold the raw input/output complete with terminal control characters, etc.

Thank you for the response!

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.