Package firestoreeventsLog implements Firestore storage backend for Teleport event storage.

Package gcssessionsHandler implements GCS storage for Teleport session recording persistence.

DetectFormat detects format by reading first bytes of the header.

Export converts session files from binary/protobuf to text/JSON.

FIPSProtoStateToAWSState converts a FIPS proto state to an aws endpoints.FIPSEndpointState.

FromEventFields converts from the typed dynamic representation to the new typed interface-style representation.

GetSessionID pulls the session ID from the events that have a SessionMetadata.

GetTeleportUser pulls the teleport user from the events that have a UserMetadata.

IsPermanentEmitError checks if the error contains either a sole [trace.BadParameter] error in its chain, or a [trace.Aggregate] error composed entirely of BadParameters.

NewAsyncEmitter returns emitter that submits events without blocking the caller.

NewAuditLog creates and returns a new Audit Log object which will store its log files in a given directory.

NewCallbackEmitter returns an emitter that invokes a callback on every action, is used in tests to inject failures.

NewCallbackStreamer returns streamer that invokes callback on every action, is used in tests to inject failures.

NewCheckingEmitter returns emitter that checks that all required fields are properly set.

NewDiscardAuditLog returns a no-op audit log instance.

NewDiscardEmitter returns a no-op discard emitter.

NewDiscardRecorder returns a [SessionRecorderChecker] that discards events.

NewDiscardStreamer returns a streamer that creates streams that discard events.

NewFileLog returns a new instance of a file log.

NewLoggingEmitter returns an emitter that logs all events to the console with the info level.

NewMultiEmitter returns emitter that writes events to all emitters.

NewMultiLog returns a new instance of a multi logger.

NewProtoReader returns a new proto reader with slice pool.

NewProtoStream uploads session recordings in the protobuf format.

NewProtoStreamer creates protobuf-based streams.

NewReportingStreamer reports upload events to the eventsC channel, if the channel is not nil.

NewSearchEventLimiter returns instance of new SearchEventsLimiter.

NewSessionPreparerRecorder returns a SessionPreparerRecorder that can both setup and record session events.

NewSessionWriter returns a new instance of session writer.

NewUploadCompleter returns a new UploadCompleter.

NewWriterEmitter returns a new instance of emitter writing to writer.

NewWriterLog returns a new instance of writer log.

ParseFileTime parses file's timestamp encoded into filename.

SetupAndRecordEvent will set necessary event fields for session-related events and record them.

StartNewUploadCompleter starts an upload completer background process that will will close once the provided ctx is closed.

ToEventFields converts from the typed interface-style event representation to the old dynamic map style representation in order to provide outer compatibility with existing public API routes when the backend is updated with the typed events.

ValidateServerMetadata checks that event server ID of the event if present, matches the passed server ID and namespace has proper syntax.

WithNoOpPreparer wraps rec with a SessionEventPreparer that will leave events unchanged.

WriteForSSHPlayback reads events from an SessionReader and writes them to disk in a format optimized for playback.

AbandonedUploadPollingRate defines how often to check for abandoned uploads which need to be completed.

AccessListCreateEvent is emitted when an access list is created.

AccessListCreateFailureCode is the access list create failure code.

AccessListCreateSuccessCode is the access list create success code.

AccessListDeleteEvent is emitted when an access list is deleted.

AccessListDeleteFailureCode is the access list delete failure code.

AccessListDeleteSuccessCode is the access list delete success code.

AccessListMemberCreateEvent is emitted when a member is added to an access list.

AccessListMemberCreateFailureCode is the access list member create failure code.

AccessListMemberCreateSuccessCode is the access list member create success code.

AccessListMemberDeleteAllForAccessListEvent is emitted when all members are deleted from an access list.

AccessListMemberDeleteAllForAccessListFailureCode is the access list member delete failure code.

AccessListMemberDeleteAllForAccessListSuccessCode is the access list all member delete success code.

AccessListMemberDeleteEvent is emitted when a member is deleted from an access list.

AccessListMemberDeleteFailureCode is the access list member delete failure code.

AccessListMemberDeleteSuccessCode is the access list member delete success code.

AccessListMemberUpdateEvent is emitted when a member is updated in an access list.

AccessListMemberUpdateFailureCode is the access list member update failure code.

AccessListMemberUpdateSuccessCode is the access list member update success code.

AccessListReviewEvent is emitted when an access list is reviewed.

AccessListReviewFailureCode is the access list review failure code.

AccessListReviewSuccessCode is the access list review success code.

AccessListUpdateEvent is emitted when an access list is updated.

AccessListUpdateFailureCode is the access list update failure code.

AccessListUpdateSuccessCode is the access list update success code.

AccessRequestCreateCode is the the access request creation code.

AccessRequestCreateEvent is emitted when a new access request is created.

AccessRequestDelegator is used by teleport plugins to indicate the identity which caused them to update state.

AccessRequestDeleteCode is the access request deleted code.

AccessRequestDeleteEvent is emitted when a new access request is deleted.

AccessRequestID is the ID of an access request.

AccessRequestResourceSearch is emitted when a user searches for resources as part of a search-based access request.

AccessRequestResourceSearchCode is the access request resource search code.

AccessRequestReviewCode is the access review application code.

AccessRequestReviewEvent is emitted when a review is applied to a request.

AccessRequestState is the state of a request.

AccessRequestUpdateCode is the access request state update code.

AccessRequestUpdateEvent is emitted when a request's state is updated.

AppCreateCode is the app.create event code.

AppCreateEvent is emitted when an application resource is created.

AppDeleteCode is the app.delete event code.

AppDeleteEvent is emitted when an application resource is deleted.

AppSessionChunkCode is the application session chunk create code.

AppSessionChunkEvent is emitted at the start of a 5 minute chunk on each proxy.

AppSessionDynamoDBRequestCode is the application request/response code.

AppSessionDynamoDBRequestEvent is emitted when DynamoDB client sends a request via app access session.

AppSessionEndCode is the application session end event code.

AppSessionEndEvent is emitted when a user connects to a TCP application.

AppSessionRequestCode is the application request/response code.

AppSessionRequestEvent is an HTTP request and response.

AppSessionStartCode is the application session start code.

AppSessionStartEvent is emitted when a user is issued an application certificate.

AppUpdateCode is the app.update event code.

AppUpdateEvent is emitted when an application resource is updated.

Argv is the list of arguments to the program.

AsyncBufferSize is a default buffer size for async emitters.

AuditBackoffTimeout is a time out before audit logger will start losing events.

AuthAttemptEvent is authentication attempt that either succeeded or failed based on event status.

AuthAttemptFailureCode is the auth attempt failure event code.

BillingCardCreateCode is an event code for when a user creates a new credit card.

BillingCardCreateEvent is emitted when a user creates a new credit card.

BillingCardDeleteCode is an event code for when a user deletes a credit card.

BillingCardDeleteEvent is emitted when a user deletes a credit card.

BillingCardUpdateCode is an event code for when a user updates an existing credit card.

BillingCardUpdateEvent is emitted when a user updates an existing credit card.

BillingInformationUpdateCode is an event code for when a user updates their billing info.

BillingInformationUpdateEvent is emitted when a user updates their billing information.

BotCreateCode is the `bot.create` event code.

BotCreateEvent is emitted when a bot is created.

BotDeleteCode is the `bot.delete` event code.

BotDeleteEvent is emitted when a bot is deleted.

BotJoinCode is the 'bot.join' event code.

BotJoinEvent is emitted when a bot joins.

BotUpdateCode is the `bot.update` event code.

BotUpdateEvent is emitted when a bot is updated.

CassandraBatchEventCode is the db.session.cassandra.batch event code.

CassandraExecuteEventCode is the db.session.cassandra.execute event code.

CassandraPrepareEventCode is the db.session.cassandra.prepare event code.

CassandraRegisterEventCode is the db.session.cassandra.register event code.

CertificateCreateCode is the certificate issuance event code.

CertificateCreateEvent is emitted when a certificate is issued.

CertificateTypeUser is the CertificateType for certificate events pertaining to user certificates.

CgroupID is the internal cgroupv2 ID of the event.

ClientDisconnectCode is the client disconnect event code.

ClientDisconnectEvent is emitted when client is disconnected by the server due to inactivity or any other reason.

ConcurrentUploadsPerStream limits the amount of concurrent uploads per stream.

CorruptedSessionsDir is a subdirectory of sessions (/var/lib/teleport/log/upload/corrupted) where corrupted session recordings are placed.

DatabaseCreateCode is the db.create event code.

DatabaseCreateEvent is emitted when a database resource is created.

DatabaseDeleteCode is the db.delete event code.

DatabaseDeleteEvent is emitted when a database resource is deleted.

DatabaseSessionCassandraBatchEvent is emitted when a Cassandra client executes a batch of queries.

DatabaseSessionCassandraExecuteEvent is emitted when a Cassandra client sends executed packet.

DatabaseSessionCassandraPrepareEvent is emitted when a Cassandra client sends prepare packet.

DatabaseSessionCassandraRegisterEvent is emitted when a Cassandra client sends the register packet.

DatabaseSessionDynamoDBRequestEvent is emitted when DynamoDB client sends a request via database-access.

DatabaseSessionElasticsearchRequestEvent is emitted when Elasticsearch client sends a generic request.

DatabaseSessionEndCode is the database session end event code.

DatabaseSessionEndEvent is emitted when a database client disconnects from a database.

DatabaseSessionMalformedPacketCode is the db.session.malformed_packet event code.

DatabaseSessionMalformedPacketEvent is emitted when SQL packet is malformed.

DatabaseSessionMySQLCreateDBEvent is emitted when a MySQL client creates a schema.

DatabaseSessionMySQLDebugEvent is emitted when a MySQL client asks the server to dump internal debug info to stdout.

DatabaseSessionMySQLDropDBEvent is emitted when a MySQL client drops a schema.

DatabaseSessionMySQLInitDBEvent is emitted when a MySQL client changes the default schema for the connection.

DatabaseSessionMySQLProcessKillEvent is emitted when a MySQL client asks the server to terminate a connection.

DatabaseSessionMySQLRefreshEvent is emitted when a MySQL client sends refresh commands.

DatabaseSessionMySQLShutDownEvent is emitted when a MySQL client asks the server to shut down.

DatabaseSessionMySQLStatementBulkExecuteEvent is emitted when a MySQL client executes a bulk insert of a prepared statement using the prepared statement protocol.

DatabaseSessionMySQLStatementCloseEvent is emitted when a MySQL client deallocates a prepared statement using the prepared statement protocol.

DatabaseSessionMySQLStatementExecuteEvent is emitted when a MySQL client executes a prepared statement using the prepared statement protocol.

DatabaseSessionMySQLStatementFetchEvent is emitted when a MySQL client fetches rows from a prepared statement using the prepared statement protocol.

DatabaseSessionMySQLStatementPrepareEvent is emitted when a MySQL client creates a prepared statement using the prepared statement protocol.

DatabaseSessionMySQLStatementResetEvent is emitted when a MySQL client resets the data of a prepared statement using the prepared statement protocol.

DatabaseSessionMySQLStatementSendLongDataEvent is emitted when a MySQL client sends long bytes stream using the prepared statement protocol.

DatabaseSessionOpenSearchRequestEvent is emitted when OpenSearch client sends a request.

DatabaseSessionPostgresBindEvent is emitted when a Postgres client readies a prepared statement for execution and binds it to parameters.

DatabaseSessionPostgresCloseEvent is emitted when a Postgres client closes an existing prepared statement.

DatabaseSessionPostgresExecuteEvent is emitted when a Postgres client executes a previously bound prepared statement.

DatabaseSessionPostgresFunctionEvent is emitted when a Postgres client calls an internal function.

DatabaseSessionPostgresParseEvent is emitted when a Postgres client creates a prepared statement using extended query protocol.

DatabaseSessionQueryCode is the database query event code.

DatabaseSessionQueryEvent is emitted when a database client executes a query.

DatabaseSessionQueryFailedCode is the database query failure event code.

DatabaseSessionQueryFailedEvent is emitted when database client's request to execute a database query/command was unsuccessful.

DatabaseSessionSQLServerRPCRequestEvent is emitted when MSServer client sends RPC request command.

DatabaseSessionStartCode is the database session start event code.

DatabaseSessionStartEvent is emitted when a database client attempts to connect to a database.

DatabaseSessionStartFailureCode is the database session start failure event code.

DatabaseUpdateCode is the db.update event code.

DatabaseUpdateEvent is emitted when a database resource is updated.

DesktopClipboardReceiveCode is the desktop clipboard receive code.

DesktopClipboardReceiveEvent is emitted when Teleport receives clipboard data from a remote desktop.

DesktopClipboardSendCode is the desktop clipboard send code.

DesktopClipboardSendEvent is emitted when local clipboard data is sent to Teleport.

DesktopRecordingEvent is emitted as a desktop access session is recorded.

DesktopSessionEndCode is the desktop session end event code.

DesktopSessionStartCode is the desktop session start event code.

DesktopSessionStartFailureCode is event code for desktop sessions that failed to start.

DesktopSharedDirectoryReadCode is the desktop directory read code.

DesktopSharedDirectoryReadEvent is emitted when data is read from a shared directory.

DesktopSharedDirectoryReadFailureCode is the desktop directory read code for when a read operation fails, or for if the internal cache state was corrupted causing information loss, or for when the internal cache has exceeded its max size.

DesktopSharedDirectoryStartCode is the desktop directory start code.

DesktopSharedDirectoryStartEvent is emitted when when Teleport successfully begins sharing a new directory to a remote desktop.

DesktopSharedDirectoryStartFailureCode is the desktop directory start code for when a start operation fails, or for when the internal cache state was corrupted causing information loss, or for when the internal cache has exceeded its max size.

DesktopSharedDirectoryWriteCode is the desktop directory write code.

DesktopSharedDirectoryWriteEvent is emitted when data is written to a shared directory.

DesktopSharedDirectoryWriteFailureCode is the desktop directory write code for when a write operation fails, or for if the internal cache state was corrupted causing information loss, or for when the internal cache has exceeded its max size.

DeviceAuthenticateCode is the device authentication code.

DeviceAuthenticateEvent is emitted when a device is authenticated.

DeviceCreateCode is the device creation/registration code.

DeviceCreateEvent is emitted on device registration.

DeviceDeleteCode is the device deletion code.

DeviceDeleteEvent is emitted on device deletion.

DeviceEnrollCode is the device enrollment completion code.

DeviceEnrollEvent is emitted when a device is enrolled.

DeviceEnrollTokenCreateCode is the device enroll token creation code.

DeviceEnrollTokenCreateEvent is emitted when a new enrollment token is issued for a device.

DeviceEnrollTokenSpentCode is the device enroll token spent code.

DeviceEvent is the catch-all event for Device Trust events.

DeviceUpdateCode is the device update code.

DeviceUpdateEvent is emitted on device updates.

DiskAlertInterval is disk space check interval.

DiskAlertThreshold is the disk space alerting threshold.

DstAddr is the destination IP address of the connection.

DstPort is the destination port of the connection.

DynamoDBRequestCode is the db.session.dynamodb.request event code.

DynamoDBRequestFailureCode is the db.session.dynamodb.request event failure code.

ElasticsearchRequestCode is the db.session.elasticsearch.request event code.

ElasticsearchRequestFailureCode is the db.session.elasticsearch.request event failure code.

EventCode is a code that uniquely identifies a particular event type.

EventCursor is an event ID (used as cursor value for enumeration, not stored).

EventID is a unique event identifier.

EventIndex is an event index as received from the logging server.

EventLogin is OS login.

EventNamespace is a namespace of the session event.

EventProtocol specifies protocol that was captured.

EventProtocolKube specifies kubernetes as a type of captured protocol.

EventProtocolsSSH specifies SSH as a type of captured protocol.

EventProtocolTDP specifies Teleport Desktop Protocol (TDP) as a type of captured protocol.

EventTime is event time.

EventType is event type/kind.

EventUser is teleport user name.

ExecCode is the exec event code.

ExecEvent is an exec command executed by script or user on the server side.

ExecFailureCode is the exec failure event code.

ExternalAuditStorageDisableCode is the External Audit Storage disabled code.

ExternalAuditStorageDisableEvent is emitted when External Audit Storage is disabled.

ExternalAuditStorageEnableCode is the External Audit Storage enabled code.

ExternalAuditStorageEnableEvent is emitted when External Audit Storage is enabled.

FastAttempts is the initial amount of fast retry attempts before switching to slow mode.

FieldName contains name, e.g.

Flags are the flags passed to open.

GithubConnectorCreatedCode is the Github connector created event code.

GithubConnectorCreatedEvent fires when a Github connector is created.

GithubConnectorDeletedCode is the Github connector deleted event code.

GithubConnectorDeletedEvent fires when a Github connector is deleted.

GithubConnectorUpdatedCode is the Github connector updated event code.

GithubConnectorUpdatedEvent fires when a Github connector is updated.

IdentityAttributes is a map of user attributes received from identity provider.

InactivityFlushPeriod is a period of inactivity that triggers upload of the data - flush.

InstanceJoinCode is the 'node.join' event code.

InstanceJoinEvent is emitted when an instance joins.

Int32Size is a constant for 32 bit integer byte size.

Int64Size is a constant for 64 bit integer byte size.

KubeRequestCode is an event code for a generic kubernetes request.

KubeRequestEvent fires when a proxy handles a generic kubernetes request.

KubernetesClusterCreateCode is the kube.create event code.

KubernetesClusterCreateEvent is emitted when a kubernetes cluster resource is created.

KubernetesClusterDeleteCode is the kube.delete event code.

KubernetesClusterDeleteEvent is emitted when a kubernetes cluster resource is deleted.

KubernetesClusterUpdateCode is the kube.update event code.

KubernetesClusterUpdateEvent is emitted when a kubernetes cluster resource is updated.

LocalAddr is a target address on the host.

LockCreatedCode is the lock created event code.

LockCreatedEvent fires when a lock is created/updated.

LockDeletedCode is the lock deleted event code.

LockDeletedEvent fires when a lock is deleted.

LogfileExt defines the ending of the daily event log file.

LoginMethod is the event field indicating how the login was performed.

LoginMethodClientCert represents login with client certificate.

LoginMethodGithub represents login with Github.

LoginMethodHeadless represents headless login request.

LoginMethodLocal represents login with username/password.

LoginMethodOIDC represents login with OIDC.

LoginMethodSAML represents login with SAML.

LoginRuleCreateCode is the login rule create code.

LoginRuleCreateEvent is emitted when a login rule is created or updated.

LoginRuleDeleteCode is the login rule delete code.

LoginRuleDeleteEvent is emitted when a login rule is deleted.

MaxChunkBytes defines the maximum size of a session stream chunk that can be requested via AuditLog.GetSessionChunk().

This is the max size of all the events we return when searching for events.

Maximum is an event field specifying a maximal value (e.g.

MaxProtoMessageSizeBytes is maximum protobuf marshaled message size.

MaxUploadParts is the maximum allowed number of parts in a multi-part upload on Amazon S3.

MFADeviceAddEvent is an event type for users adding MFA devices.

MFADeviceAddEventCode is an event code for users adding MFA devices.

MFADeviceDeleteEvent is an event type for users deleting MFA devices.

MFADeviceDeleteEventCode is an event code for users deleting MFA devices.

MinUploadPartSizeBytes is the minimum allowed part size when uploading a part to Amazon S3.

MySQLCreateDBCode is the db.session.mysql.create_db event code.

MySQLDebugCode is the db.session.mysql.debug event code.

MySQLDropDBCode is the db.session.mysql.drop_db event code.

MySQLInitDBCode is the db.session.mysql.init_db event code.

MySQLProcessKillCode is the db.session.mysql.process_kill event code.

MySQLRefreshCode is the db.session.mysql.refresh event code.

MySQLShutDownCode is the db.session.mysql.shut_down event code.

MySQLStatementBulkExecuteCode is the db.session.mysql.statements.bulk_execute event code.

MySQLStatementCloseCode is the db.session.mysql.statements.close event code.

MySQLStatementExecuteCode is the db.session.mysql.statements.execute event code.

MySQLStatementFetchCode is the db.session.mysql.statements.fetch event code.

MySQLStatementPrepareCode is the db.session.mysql.statements.prepare event code.

MySQLStatementResetCode is the db.session.mysql.statements.reset event code.

MySQLStatementSendLongDataCode is the db.session.mysql.statements.send_long_data event code.

NetworkBackoffDuration is a standard backoff on network requests usually is slow, e.g.

NetworkRetryDuration is a standard retry on network requests to retry quickly, e.g.

OIDCConnectorCreatedCode is the OIDC connector created event code.

OIDCConnectorCreatedEvent fires when OIDC connector is created.

OIDCConnectorDeletedCode is the OIDC connector deleted event code.

OIDCConnectorDeletedEvent fires when OIDC connector is deleted.

OIDCConnectorUpdatedCode is the OIDC connector updated event code.

OIDCConnectorUpdatedEvent fires when OIDC connector is updated.

OktaApplicationsUpdateCode is the Okta applications updated code.

OktaApplicationsUpdateEvent is emitted when the applications synced from Okta have been updated.

OktaAssignmentCleanupEvent is emitted when an assignment is cleaned up.

OktaAssignmentCleanupFailureCode is the Okta assignment cleanup failure code.

OktaAssignmentCleanupSuccessCode is the Okta assignment cleanup success code.

OktaAssignmentProcessEvent is emitted when an assignment is processed.

OktaAssignmentProcessFailureCode is the Okta assignment process failure code.

OktaAssignmentProcessSuccessCode is the Okta assignment process success code.

OktaGroupsUpdateCode is the Okta groups updated code.

OktaGroupsUpdate event is emitted when the groups synced from Okta have been updated.

OktaSyncFailureCode is the Okta synchronization failure code.

OktaSyncFailureEvent is emitted when the Okta synchronization fails.

OpenSearchRequestCode is the db.session.opensearch.request event code.

OpenSearchRequestFailureCode is the db.session.opensearch.request event failure code.

Path is the full path to the executable.

PID is the ID of the process.

PlaybackDir is a directory for caching downloaded sessions during playback.

PortForwardCode is the port forward event code.

Port forwarding event.

PortForwardFailureCode is the port forward failure event code.

PostgresBindCode is the db.session.postgres.statements.bind event code.

PostgresCloseCode is the db.session.postgres.statements.close event code.

PostgresExecuteCode is the db.session.postgres.statements.execute event code.

PostgresFunctionCallCode is the db.session.postgres.function event code.

PostgresParseCode is the db.session.postgres.statements.parse event code.

PPID is the PID of the parent process.

PrivilegeTokenCreateCode is the privilege token create event code.

PrivilegeTokenCreateEvent is emitted when a new user privilege token is created.

Program is name of the executable.

ProtoStreamV1 is a version of the binary protocol.

ProtoStreamV1PartHeaderSize is the size of the part of the protocol stream on disk format, it consists of * 8 bytes for the format version * 8 bytes for meaningful size of the part * 8 bytes for optional padding size at the end of the slice.

ProtoStreamV1RecordHeaderSize is the size of the header of the record header, it consists of the record length.

ProvisionTokenCreateCode is the event code for creating a provisioning token, also known as Join Token.

ProvisionTokenCreateEvent is the event for creating a provisioning token, also known as Join Token.

Reason is a field that specifies reason for event, e.g.

RecordsDir is an auth server subdirectory with session recordings that is used when the auth server is not configured for external cloud storage.

RecoveryCodeGeneratedEvent is an event type for generating a user's recovery tokens.

RecoveryCodesGenerateCode is an event code for generation of recovery codes.

RecoveryCodeUsedEvent is an event type when a recovery token was used.

RecoveryCodeUseFailureCode is an event code for when a recovery code was not used successfully.

RecoveryCodeUseSuccessCode is an event code for when a recovery code was used successfully.

RecoveryTokenCreateCode is the recovery token create event code.

RecoveryTokenCreateEvent is emitted when a new recovery token is created.

RemoteAddr is a client (user's) address.

RenewableCertificateGenerationMismatchCode is the renewable cert generation mismatch code.

RenewableCertificateGenerationMismatchEvent is emitted when a renewable certificate's generation counter is invalid.

ReservedParts is the amount of parts reserved by default.

ResetPasswordTokenCreateCode is the token create event code.

ResetPasswordTokenCreateEvent is emitted when a new reset password token is created.

ResetPasswordTokenTTL is TTL of reset password token.

ResizeEvent means that some user resized PTY on the client.

ReturnCode is the return code of execve.

RoleCreatedCode is the role created event code.

RoleCreatedEvent fires when role is created or upserted.

RoleDeletedCode is the role deleted event code.

RoleDeletedEvent fires when role is deleted.

RoleUpdatedCode is the role created event code.

RoleUpdatedEvent fires when role is updated.

SAMLConnectorCreatedCode is the SAML connector created event code.

SAMLConnectorCreatedEvent fires when SAML connector is created.

SAMLConnectorDeletedCode is the SAML connector deleted event code.

SAMLConnectorDeletedEvent fires when SAML connector is deleted.

SAMLConnectorUpdatedCode is the SAML connector updated event code.

SAMLConnectorUpdatedEvent fires when SAML connector is updated.

SAMLIdPAuthAttemptCode is the SAML IdP auth attempt code.

SAMLIdPAuthAttemptEvent is emitted when a user has attempted to authorize against the SAML IdP.

SAMLIdPServiceProviderCreateCode is the SAML IdP service provider create code.

SAMLIdPServiceProviderCreateEvent is emitted when a service provider has been created.

SAMLIdPServiceProviderCreateFailureCode is the SAML IdP service provider create failure code.

SAMLIdPServiceProviderDeleteAllCode is the SAML IdP service provider delete all code.

SAMLIdPServiceProviderDeleteAllEvent is emitted when all service providers have been deleted.

SAMLIdPServiceProviderDeleteAllFailureCode is the SAML IdP service provider delete all failure code.

SAMLIdPServiceProviderDeleteCode is the SAML IdP service provider delete code.

SAMLIdPServiceProviderDeleteEvent is emitted when a service provider has been deleted.

SAMLIdPServiceProviderDeleteFailureCode is the SAML IdP service provider delete failure code.

SAMLIdPServiceProviderUpdateCode is the SAML IdP service provider update code.

SAMLIdPServiceProviderUpdateEvent is emitted when a service provider has been updated.

SAMLIdPServiceProviderUpdateFailureCode is the SAML IdP service provider update failure code.

SCPDownloadCode is the file download event code.

SCPDownloadFailureCode is the file download event failure code.

SCPEvent means data transfer that occurred on the server.

SCPUploadCode is the file upload event code.

SCPUploadFailureCode is the file upload failure event code.

SecReportsAuditQueryRunCode is used when a custom Security Reports Query is run.

SecReportsAuditQueryRunEvent is emitted when a security report query is run.

SecReportsReportRunCode is used when a report in run.

SecReportsReportRunEvent is emitted when a security report is run.

SessionByteOffset is the number of bytes written to session stream since the beginning.

SessionClusterName is the cluster name that the session occurred in.

SessionCommandCode is a session command code.

SessionCommandEvent is emitted when an executable is run within a session.

SessionConnectCode is the session connect event code.

SessionConnectEvent is emitted when any ssh connection is made.

SessionDataCode is the session data event code.

Data transfer events.

SessionDataIndex is a very large number of the event index to indicate one of the last session events, used to report data transfer.

SessionDiskCode is a session disk code.

SessionDiskEvent is emitted when a file is opened within an session.

SessionEndCode is the session end event code.

SessionEndEvent indicates that a session has ended.

SessionEndTime is the timestamp at which the session ended.

SessionEnhancedRecording is used to indicate if the recording was an enhanced recording or not.

SessionEventID is a unique UUID of the session.

SessionEventTimestamp is an offset (in milliseconds) since the beginning of the session when the terminal IO event happened.

SessionInteractive is used to indicate if the session was interactive (has PTY attached) or not (exec session).

SessionJoinCode is the session join event code.

SessionJoinEvent indicates that someone joined a session.

SessionLeaveCode is the session leave event code.

SessionLeaveEvent indicates that someone left a session.

SessionLogsDir is a subdirectory inside the eventlog data dir where all session-specific logs and streams are stored, like in /var/lib/teleport/log/sessions.

SessionNetworkCode is a session network code.

SessionNetworkEvent is emitted when a network connection is initiated with a session.

SessionParticipants is a list of participants in the session.

SessionPrintEvent event happens every time a write occurs to terminal I/O during a session.

SessionPrintEventBytes says how many bytes have been written into the session during "print" event.

SessionRecordingAccessCode is the session recording view data event code.

SessionRecordingAccessEvent is emitted when a session recording is accessed.

SessionRecordingType is the type of session recording.

SessionRejectedCode is an event code for when a user's attempt to create an session/connection has been rejected.

SessionRejectedEvent fires when a user's attempt to create an authenticated session has been rejected due to exceeding a session control limit.

SessionRejectedReasonMaxConnections indicates that a session.rejected event corresponds to enforcement of the max_connections control.

SessionRejectedReasonMaxSessions indicates that a session.rejected event corresponds to enforcement of the max_sessions control.

SessionServerAddr is the address of the server the session occurred on.

SessionServerHostname is the hostname of the server the session occurred on.

SessionServerID is the UUID of the server the session occurred on.

SessionServerLabels are the labels (static and dynamic) of the server the session occurred on.

SessionStartCode is the session start event code.

SessionStartEvent indicates that session has been initiated or updated by a joining party on the server.

SessionStartTime is the timestamp at which the session began.

SessionUploadCode is the session upload event code.

SessionUploadEvent indicates that session has been uploaded to the external storage.

SessionUploadIndex is a very large number of the event index to indicate that this is the last event in the chain used for the last event of the sesion - session upload.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

SFTPEvent means a user attempted a file operation.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

The following codes correspond to SFTP file operations.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

There is no strict algorithm for picking an event code, however existing event codes are currently loosely categorized as follows: - Teleport event codes start with "T" and belong in this const block.

SQLServerRPCRequestCode is the db.session.sqlserver.rpc_request event code.

SrcAddr is the source IP address of the connection.

SSMRunEvent is emitted when a run of an install script completes on a discovered EC2 node.

SSMRunFailCode is the discovery script success code.

SSMRunSuccessCode is the discovery script success code.

StreamingSessionsDir is a subdirectory of sessions (/var/lib/teleport/log/upload/streaming) that is used in new versions of the uploader.

SubsystemCode is the subsystem event code.

SubsystemEvent is the result of the execution of a subsystem.

SubsystemFailureCode is the subsystem failure event code.

SymlinkFilename is a name of the symlink pointing to the last current log file.

TCPVersion is the version of TCP (4 or 6).

TerminalResizeCode is the terminal resize event code.

expressed as 'W:H'.

TrustedClusterCreateCode is the event code for creating a trusted cluster.

TrustedClusterCreateEvent is the event for creating a trusted cluster.

TrustedClusterDeleteCode is the event code for removing a trusted cluster.

TrustedClusterDeleteEvent is the event for removing a trusted cluster.

TrustedClusterTokenCreateCode is the event code for creating new provisioning token for a trusted cluster.

TrustedClusterTokenCreateEvent is the event for creating new provisioning token for a trusted cluster.

UnknownCode is used when an event of unknown type is encountered.

UnknownEvent is any event received that isn't recognized as any other event type.

UpdatedBy indicates the user who modified some resource: - updating a request state - updating a user record.

UpgradeWindowStartUpdatedCode is the edit code of UpgradeWindowStartUpdateEvent.

UpgradeWindowStartUpdateEvent is emitted when the upgrade window start time is updated.

URL is used for a session upload URL.

UseFIPSQueryParam is the URL query parameter used for enabling FIPS endpoints for AWS S3/Dynamo.

UserConnector is the connector used to create the user.

UserCreateCode is the user create event code.

UserCreateEvent is emitted when the user is created.

UserDeleteCode is the user delete event code.

UserDeleteEvent is emitted when the user is deleted.

UserExpires is when the user will expire.

UserHeadlessLoginApprovedCode is an event code for when headless login attempt was successfully approved.

UserHeadlessLoginApprovedFailureCode is an event code for when headless login was approved with an error.

UserHeadlessLoginRejectedCode is an event code for when headless login attempt was rejected.

UserHeadlessLoginRequestedCode is an event code for when headless login attempt was requested.

UserLocalLoginCode is the successful local user login event code.

UserLocalLoginFailureCode is the unsuccessful local user login event code.

UserLoginEvent indicates that a user logged into web UI or via tsh.

UserPasswordChangeCode is an event code for when user changes their own password.

UserPasswordChangeEvent is when the user changes their own password.

UserRoles is a list of roles for the user.

UserSSOLoginCode is the successful SSO user login event code.

UserSSOLoginFailureCode is the unsuccessful SSO user login event code.

UserSSOTestFlowLoginCode is the successful SSO test flow user login event code.

UserSSOTestFlowLoginFailureCode is the unsuccessful SSO test flow user login event code.

UserUpdateCode is the user update event code.

UserUpdatedEvent is emitted when the user is updated.

V1 is the V1 version of slice chunks API, it is 0 because it was not defined before.

V2 is the V2 version of slice chunks API.

V3 is almost like V2, but it assumes that session recordings are being uploaded at the end of the session, so it skips writing session event index on the fly.

WindowsDesktopSessionEndEvent is emitted when a user disconnects from a desktop.

WindowsDesktopSessionStartEvent is emitted when a user attempts to connect to a desktop.

X11ForwardCode is the x11 forward event code.

X11 forwarding event.

X11ForwardFailureCode is the x11 forward failure event code.

AuditFailedEmit increments the counter if audit event failed to emit.

MetricQueriedTrimmedEvents counts the number of events that were trimmed before being returned from a query.

MetricStoredTrimmedEvents counts the number of events that were trimmed before being stored.

AsyncEmitter accepts events to a buffered channel and emits events in a separate goroutine without blocking the caller.

AsyncEmitterConfig provides parameters for emitter.

AuditLog is a new combined facility to record Teleport events and sessions.

AuditLogConfig specifies configuration for AuditLog server.

CallbackEmitter invokes a callback on every action, is used in tests to inject failures.

CallbackEmitterConfig provides parameters for emitter.

CallbackStream call.

CallbackStreamer ensures that event fields have been set properly and reports statistics for every wrapper.

CallbackStreamerConfig provides parameters for streamer.

CheckingEmitter ensures that event fields have been set properly and reports statistics for every wrapper.

CheckingEmitterConfig provides parameters for emitter.

DiscardAuditLog is do-nothing, discard-everything implementation of IAuditLog interface used for cases when audit is turned off.

DiscardEmitter discards all events.

DiscardRecorder returns a stream that discards all events.

DiscardStreamer creates DiscardRecorders.

Event describes an audit log event.

FileLog is a file local audit events log, logs all events to the local file in json encoded form.

FileLogConfig is a configuration for file log.

Header returns information about playback.

LoggingEmitter logs all events with info level.

MultiEmitter writes audit events to multiple emitters.

MultiLog is a logger that fan outs write operations to all loggers, and performs all read and search operations on the first logger that implements the operation.

NoOpPreparer is a SessionEventPreparer that doesn't change events.

Preparer sets necessary unset fields in session events.

PreparerConfig configures an event setter.

ProtoReader reads protobuf encoding from reader.

ProtoReaderStats contains some reader statistics.

ProtoStream implements concurrent safe event emitter that uploads the parts in parallel to S3.

ProtoStreamConfig configures proto stream.

ProtoStreamer creates protobuf-based streams uploaded to the storage backends, for example S3 or GCS.

ProtoStreamerConfig specifies configuration for the part.

ReportingStream reports status of uploads to the events channel.

ReportingStreamer reports upload events to the eventsC channel, if the channel is not nil.

SearchEventsLimiter allows to wrap any AuditLogger with rate limit on search events endpoints.

SearchEventsLimiterConfig is configuration for SearchEventsLimiter.

SessionWriter wraps session stream and writes session events to it.

SessionWriterConfig configures session writer.

SessionWriterStats provides stats about lost events and slow writes.

SSHPlaybackWriter reads messages from an SessionReader and writes them to disk in a format suitable for SSH session playback.

StreamerAndEmitter combines streamer and emitter to create stream emitter.

StreamPart represents uploaded stream part.

StreamUpload represents stream multipart upload.

UploadCompleter periodically scans uploads that have not been completed and completes them.

UploadCompleterConfig specifies configuration for the uploader.

UploadEvent is emitted by uploader and is used in tests.

UploadMetadata contains data about the session upload.

WriterEmitter is an emitter that emits all events to the external writer.

WriterLog is an audit log that emits all events to the external writer.

AuditLogger defines which methods need to implemented by audit loggers.

AuditLogSessionStreamer is the primary (and the only external-facing) interface for AuditLogger and SessionStreamer.

MultipartHandler handles both multipart uploads and downloads.

MultipartUploader handles multipart uploads and downloads for session streams.

ServerMetadataGetter represents interface that provides information about its server id.

ServerMetadataSetter represents interface that provides information about its server id.

SessionEventPreparer will set necessary event fields for session-related events and must be called before the event is used, regardless of whether the event will be recorded, emitted, or both.

SessionMetadataGetter represents interface that provides information about events' session metadata.

SessionMetadataSetter represents interface that sets session metadata.

SessionPreparerRecorder sets necessary session event fields and records them.

SessionReader provides method to read session events one by one.

SessionRecorder records session events.

SessionStreamer supports streaming session chunks or events.

StreamEmitter supports emitting single events to the audit log and streaming events to a session recording.

Streamer creates and resumes event streams for session IDs.

UploadHandler is a function supplied by the user, it will upload the file.

UploadMetadataGetter gets the metadata for session upload.

ByTimeAndIndex sorts events by time extracting timestamp from JSON field and if there are several session events with the same session by event index, regardless of the time.

EventFields instance is attached to every logged event.