How are the Session recordings supposed to work for Applications ? #11334
-
|
Hi, I'm new to teleport I successfully installed a new application which is usable, but I'm unable to get any other logs than "session start" and "session end". |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 6 replies
-
|
Here's how you can play back the actions from a given session. Please note that app session chunks are synced every 5 minutes, so if you don't see the data for a given chunk ID, wait 5 minutes and it should appear.
gus@apollo:~$ tsh play --format=json 86dbff04-5793-4cc2-9d9f-9fad0bdc23f0 | jq
{
"ei": 0,
"event": "app.session.request",
"uid": "1f36aa5f-fd92-4947-94bb-87409ce2424c",
"code": "T2009I",
"time": "2022-03-22T13:36:13.381Z",
"cluster_name": "purple",
"status_code": 200,
"path": "/",
"raw_query": "",
"method": "GET",
"app_uri": "http://localhost:3000",
"app_public_addr": "grafana.gus.teleportdemo.com",
"app_name": "grafana"
}
{
"ei": 1,
"event": "app.session.request",
"uid": "2c58e436-4880-4a50-8bf1-d7652105fbcd",
"code": "T2009I",
"time": "2022-03-22T13:36:13.45Z",
"cluster_name": "purple",
"status_code": 304,
"path": "/public/fonts/roboto/RxZJdnzeo3R5zSexge8UUVtXRa8TVwTICgirnJhmVJw.woff2",
"raw_query": "",
"method": "GET",
"app_uri": "http://localhost:3000",
"app_public_addr": "grafana.gus.teleportdemo.com",
"app_name": "grafana"
}
{
"ei": 2,
"event": "app.session.request",
"uid": "a46626ef-1247-4c60-9c6c-7bd3e3d4ac06",
"code": "T2009I",
"time": "2022-03-22T13:36:13.498Z",
"cluster_name": "purple",
"status_code": 304,
"path": "/public/img/grafana_icon.svg",
"raw_query": "",
"method": "GET",
"app_uri": "http://localhost:3000",
"app_public_addr": "grafana.gus.teleportdemo.com",
"app_name": "grafana"
}
{
"ei": 3,
"event": "app.session.request",
"uid": "3b6ee559-7769-4d85-b873-a5d6368f2c8a",
"code": "T2009I",
"time": "2022-03-22T13:36:13.51Z",
"cluster_name": "purple",
"status_code": 304,
"path": "/public/fonts/roboto/CWB0XYA8bzo0kSThX0UTuA.woff2",
"raw_query": "",
"method": "GET",
"app_uri": "http://localhost:3000",
"app_public_addr": "grafana.gus.teleportdemo.com",
"app_name": "grafana"
}
{
"ei": 4,
"event": "app.session.request",
"uid": "896ef3c0-ca18-415b-94d0-56a834d44683",
"code": "T2009I",
"time": "2022-03-22T13:36:14.074Z",
"cluster_name": "purple",
"status_code": 200,
"path": "/avatar/7f57e5c7eaa12f8f986b37e06d115d48",
"raw_query": "",
"method": "GET",
"app_uri": "http://localhost:3000",
"app_public_addr": "grafana.gus.teleportdemo.com",
"app_name": "grafana"
}
{
"ei": 5,
"event": "app.session.request",
"uid": "84ea7255-a44c-46b4-b4a4-a1e1ccaf9086",
"code": "T2009I",
"time": "2022-03-22T13:36:14.215Z",
"cluster_name": "purple",
"status_code": 304,
"path": "/public/fonts/fontawesome-webfont.woff2",
"raw_query": "",
"method": "GET",
"app_uri": "http://localhost:3000",
"app_public_addr": "grafana.gus.teleportdemo.com",
"app_name": "grafana"
}
{
"ei": 6,
"event": "app.session.request",
"uid": "7713edf3-f4d6-4eef-b368-8ebaddc6b144",
"code": "T2009I",
"time": "2022-03-22T13:36:14.373Z",
"cluster_name": "purple",
"status_code": 200,
"path": "/api/dashboards/home",
"raw_query": "",
"method": "GET",
"app_uri": "http://localhost:3000",
"app_public_addr": "grafana.gus.teleportdemo.com",
"app_name": "grafana"
}
{
"ei": 7,
"event": "app.session.request",
"uid": "7eb324c0-4be6-4e4b-bbc8-415e72769510",
"code": "T2009I",
"time": "2022-03-22T13:36:14.382Z",
"cluster_name": "purple",
"status_code": 304,
"path": "/public/img/fav32.png",
"raw_query": "",
"method": "GET",
"app_uri": "http://localhost:3000",
"app_public_addr": "grafana.gus.teleportdemo.com",
"app_name": "grafana"
}
{
"ei": 8,
"event": "app.session.request",
"uid": "ebbed3b8-95c4-4fd9-a1cf-295a1260c808",
"code": "T2009I",
"time": "2022-03-22T13:36:14.483Z",
"cluster_name": "purple",
"status_code": 200,
"path": "/api/plugins",
"raw_query": "",
"method": "GET",
"app_uri": "http://localhost:3000",
"app_public_addr": "grafana.gus.teleportdemo.com",
"app_name": "grafana"
}
{
"ei": 9,
"event": "app.session.request",
"uid": "4d00da94-c3cd-4857-892b-96a1fef6a25d",
"code": "T2009I",
"time": "2022-03-22T13:36:14.493Z",
"cluster_name": "purple",
"status_code": 200,
"path": "/api/search",
"raw_query": "",
"method": "GET",
"app_uri": "http://localhost:3000",
"app_public_addr": "grafana.gus.teleportdemo.com",
"app_name": "grafana"
}
{
"ei": 10,
"event": "app.session.request",
"uid": "dcf80448-7444-4146-acc3-76db68bc6aaf",
"code": "T2009I",
"time": "2022-03-22T13:36:14.502Z",
"cluster_name": "purple",
"status_code": 200,
"path": "/api/search",
"raw_query": "",
"method": "GET",
"app_uri": "http://localhost:3000",
"app_public_addr": "grafana.gus.teleportdemo.com",
"app_name": "grafana"
}
{
"ei": 11,
"event": "app.session.request",
"uid": "13295288-00e1-4d1a-9007-7e08419df65b",
"code": "T2009I",
"time": "2022-03-22T13:36:14.503Z",
"cluster_name": "purple",
"status_code": 200,
"path": "/api/search",
"raw_query": "",
"method": "GET",
"app_uri": "http://localhost:3000",
"app_public_addr": "grafana.gus.teleportdemo.com",
"app_name": "grafana"
}
{
"ei": 12,
"event": "app.session.request",
"uid": "fcfac8cf-136f-4bbf-869c-2663906d4eef",
"code": "T2009I",
"time": "2022-03-22T13:36:14.558Z",
"cluster_name": "purple",
"status_code": 200,
"path": "/api/search",
"raw_query": "",
"method": "GET",
"app_uri": "http://localhost:3000",
"app_public_addr": "grafana.gus.teleportdemo.com",
"app_name": "grafana"
}
{
"ei": 13,
"event": "app.session.request",
"uid": "eba5a73e-f39e-484b-a4cf-967b46111a21",
"code": "T2009I",
"time": "2022-03-22T13:36:14.558Z",
"cluster_name": "purple",
"status_code": 200,
"path": "/api/search",
"raw_query": "",
"method": "GET",
"app_uri": "http://localhost:3000",
"app_public_addr": "grafana.gus.teleportdemo.com",
"app_name": "grafana"
}
{
"ei": 14,
"event": "app.session.request",
"uid": "664cd17f-fba5-4584-9c05-d0792ce07bfc",
"code": "T2009I",
"time": "2022-03-22T13:36:24.691Z",
"cluster_name": "purple",
"status_code": 200,
"path": "/api/frontend-metrics",
"raw_query": "",
"method": "POST",
"app_uri": "http://localhost:3000",
"app_public_addr": "grafana.gus.teleportdemo.com",
"app_name": "grafana"
}I appreciate that this process is currently a little convoluted - we hope to improve app session playback in future releases. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for the info ! |
Beta Was this translation helpful? Give feedback.
-
|
Hello, |
Beta Was this translation helpful? Give feedback.
-
This is not currently implemented. The feature request is tracked here: #15892
There is currently no way for Teleport itself to do this - it would require a client side tool like a browser extension. If you require a video of the session, your best bet would be to have users log onto the application using Teleport Windows Desktop access, which records full graphical sessions from start to finish. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks a lot for your reply! |
Beta Was this translation helpful? Give feedback.
-
|
I've just realised this doesn't work for Teleport Cloud customers, because you can't log onto the auth server to get the chunks. You can use |
Beta Was this translation helpful? Give feedback.
-
|
Is it possible to create a feature request for this? Not having audit logs for web apps kinda makes it unusable for any regulated enterprise environment |
Beta Was this translation helpful? Give feedback.
-
|
All the current requests we're tracking for application access playback are here: #11418 Please feel free to add to that. |
Beta Was this translation helpful? Give feedback.
-
|
Are the POST body requests stored anywhere? |
Beta Was this translation helpful? Give feedback.
-
|
Not currently. There is a feature request for adding this for AWS access open here: #23523 If this isn't specific enough please feel free to open another request. |
Beta Was this translation helpful? Give feedback.
Here's how you can play back the actions from a given session. Please note that app session chunks are synced every 5 minutes, so if you don't see the data for a given chunk ID, wait 5 minutes and it should appear.
session_chunk_idtsh login --proxy=teleport.example.com, then runtsh play --format=json <session_chunk_id> | jq