Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[v17] Document event filtering in the event handler #50738

Merged
merged 1 commit into from
Jan 6, 2025
Merged

[v17] Document event filtering in the event handler #50738

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 29 additions & 0 deletions docs/pages/includes/plugins/finish-event-handler-config.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,21 @@ namespace = "default"
# for the default window size.
# The window size should be specified as a duration string, parsed by Go's time.ParseDuration.
window-size = "24h"
# types is a comma-separated list of event types to search when forwarding audit
# events. For example, to limit forwarded events to user logins
# and new Access Requests, you can assign this field to
# "user.login,access_request.create".
types = ""
# skip-event-types is a comma-separated list of types of events to skip. For
# example, to forward all audit events except for new app deletion events, you
# can include the following assignment:
# skip-event-types = "app.delete"
skip-event-types: []
# skip-session-types is a comma-separated list of session event types to skip.
# For example, to forward all session events except for malformed SQL packet
# events, you can include the following assignment:
# skip-session-types = "db.session.malformed_packet"
skip-session-types: []

[forward.fluentd]
ca = "/home/bob/event-handler/ca.crt"
Expand Down Expand Up @@ -48,6 +63,20 @@ eventHandler:
# for the default window size.
# The window size should be specified as a duration string, parsed by Go's time.ParseDuration.
windowSize: "24h"
# types is a list of event types to search when forwarding audit
# events. For example, to limit forwarded events to user logins
# and new Access Requests, you can assign this field to:
# ["user.login", "access_request.create"]
types: []
# skipEventTypes lists types of events to skip. For example, to forward all
# audit events except for new app deletion events, you can assign this to:
# ["app.delete"]
skipEventTypes: []
# skipSessionTypes lists session event types to skip. For example, to forward
# all session events except for malformed SQL packet events, you can assign
# this to:
# ["db.session.malformed_packet"]
skipSessionTypes: []

teleport:
address: "example.teleport.com:443"
Expand Down
Loading