Is it possible to send teleport audit events to syslog (not the session blobs, just the json events)? From the docs, I see they can be sent to stdout, but nothing about syslog, which would make it really easy to integrate into our logging infrastructure.
@sskousen yes it is possible. Logging configuration is defined in the
teleport.yaml file. Under
output can be updated.
You can view this in the docs here: https://gravitational.com/teleport/docs/admin-guide/#configuration-file
@abdu I see that as a configuration option, but I don’t want all the normal logging events that teleport generates, I want the contents of
audit_events_uri so that we can feed the audit events into a SIEM.
You could try
audit_events_uri: ['syslog://'] but I suspect it’s not currently implemented. I will test it and if necessary, raise a feature request for this and add it to the backlog.
error: unsupported scheme for audit_events_uri: "syslog", currently supported schemes are "dynamodb" and "file", initialization failed
syslog is not currently supported. I’ll raise an issue.