Hi!
I am trying to configure event sinks on Boundary workers and controllers. I have configured both stderr and file sinks to capture events. However, I am running into the following issues:
Controller → the file for the sink is not being created.
Worker → the file for the sink is being created; however, no actual audit events appear there (I am trying to catch authorization events towards targets).
Both the controller and the worker are running version 0.20.0 of Boundary.
The controller is deployed as an EKS cluster. The workers are deployed separately as EC2 instances.
Here is what we currently have for the events stanza.
Controller:
events {
  audit_enabled        = true
  observations_enabled = true
  sysevents_enabled    = true
  telemetry_enabled    = false

  sink "stderr" {
    name        = "all-events"
    description = "All events sent to stderr"
    event_types = ["*"]
    format      = "cloudevents-json"
  }

  sink {
    name        = "all-events-sink"
    description = "All events to a file"
    event_types = ["*"]
    format      = "cloudevents-json"

    file {
      path      = "/tmp"
      file_name = "bound-controller.log"
    }

    audit_config {
      audit_filter_overrides {
        sensitive = ""
        secret    = ""
      }
    }
  }
}
Worker:
'events {',
' audit_enabled = true',
' observations_enabled = true',
' sysevents_enabled = true',
' telemetry_enabled = false',
'',
' sink "stderr" {',
' name = "all-events"',
' description = "All events sent to stderr"',
' event_types = ["audit", "observation", "error", "system"]',
' format = "cloudevents-json"',
' }',
'',
' sink {',
' name = "worker-all-events"',
' description = "Audit events written to file"',
' event_types = ["*"]',
' format = "cloudevents-json"',
'',
' file {',
' path = "/var/log/boundary"',
' file_name = "bound-worker.log"',
' }',
I’ve attempted to configure event sinks in several different ways, including using a wildcard to capture all event types, but I’m still unable to produce any audit logs.
I’ve confirmed that the boundary user inside the controller pods has write permissions to /tmp, so filesystem access doesn’t appear to be the issue.
My goal is to achieve what is described in this section of the Event Sink documentation:
(I also tried copying the same event config provided in the article, to no avail.)
Specifically, I’m trying to generate events that show when a user starts or ends a session/connection to a target.
Could you advise on any configuration steps I may be missing in my current setup?
I would also appreciate clarification on whether these session-related events are supported in the Boundary Community Edition, or if they are only available in the Enterprise Edition.