Hi everyone,
I’m enabling audit events in Boundary.
My question is: is there any way to have “email” and “name” not as [REDACTED] in the created cloudevent logs? Can I explicitly set that somehow?
While I do understand the implications of that from a compliance standpoint, this wouldn’t be a problem for us, and would make it easier for us to integrate with our SIEM solution, as this is only used internally and connected to our OIDC solution.
My current configuration:
events {
audit_enabled = true
observations_enabled = true
sysevents_enabled = true
sink {
name = "obs-sink"
description = "Observations sent to a file"
event_types = ["*"]
format = "cloudevents-json"
file {
path = "/var/log/boundary"
file_name = "events.json"
}
}
Many thanks in advance.