Audit Log for SSH Clusters
Restricting access and granting specific permissions through role-based access controls is the first step to securing your infrastructure. The next step is to log all activity across your infrastructure.
Teleport logs events such as successful user logins, along with metadata such as SSH events, remote IP address, time, and the session ID.
Teleport extends the capability to log both SSH and Kubernetes security events by including the following features:
Integration with identity managers. Teleport can integrate with your identity management system and pass along the identity metadata to connect activity to an identity. This allows you to see who's doing what and see if there is unauthorized access.
Secure storage of logs. Teleport doesn't store the audit logs on the machines where the activity is occurring. Logs are either stored on the secure Auth Server or shipped to external storage like DynamoDB or logging services like Splunk.
Recording of SSH Sessions. Teleport also records all of the SSH sessions, stores them, and makes them available for playback so you have further visibility into what's happening during the session.
Cluster-level logging. Because Teleport is designed for clusters, it will log activity across an entire cluster or environment, not just on a specific machine. This allows you to track activity across your infrastructure more easily.