Skip to main content
logoTetrate Service BridgeVersion: next

tctl audit

tctl audit

Get the audit logs for a given resource, showing the most recent events first

tctl audit <apiVersion/kind | kind | shortform> <name> [flags]

Examples

# Get the audit logs for a tenant using the apiVersion/Kind pattern
tctl audit api.tsb.tetrate.io/v2/Tenant

# Get audit logs for a workspace and all its child resources
tctl audit ws my-workspace --recursive

# Get audit logs for a workspace since a given date
tctl audit ws my-workspace --since "2021/10/21 15:54:44" --user "admin"

# Get audit logs related to security groups in the given workspcae
tctl audit ws my-workspace --recursive --kind "security.tsb.tetrate.io/v2/Group"
tctl audit ws my-workspace --recursive --kind "Group"

# Get the audit logs for a gateway group
tctl audit --workspace my-workspace GatewayGroup my-group

Group kind is available for different APIs, so these helpers are available to easily retrieve them:
- TrafficGroup
- SecurityGroup
- GatewayGroup
- IstioInternalGroup

These are the available short forms:
aab ApplicationAccessBindings
ab AccessBindings
ap AuthorizationPolicy
apiab APIAccessBindings
app Application
cobc ClusterOnboardingConfig
cobs ClusterOnboardingStatus
cs Cluster
dr DestinationRule
ef EnvoyFilter
eg EgressGateway
gab GatewayAccessBindings
gg GatewayGroup
gw networking.istio.io/v1beta1/Gateway
gwt gateway.tsb.tetrate.io/v2/Gateway
iab IstioInternalAccessBindings
ig IngressGateway
iig IstioInternalGroup
oab OrganizationAccessBindings
openapi api.tsb.tetrate.io/v2/API
org Organization
os OrganizationSetting
otm Metric
ots Source
pa PeerAuthentication
prof Profile
ra RequestAuthentication
sa ServiceAccount
sab SecurityAccessBindings
sd Sidecar
se ServiceEntry
sg SecurityGroup
sm SegmentationMembership
sp SegmentationPolicy
sr ServiceRoute
srs SegmentationRules
ss SecuritySetting
sss ServiceSecuritySetting
sts ServiceTrafficSetting
svc Service
t1 Tier1Gateway
tab TrafficAccessBindings
tg TrafficGroup
tnab TenantAccessBindings
tns TenantSetting
ts TrafficSetting
vs VirtualService
wab WorkspaceAccessBindings
wext WasmExtension
wp WasmPlugin
ws Workspace
wss WorkspaceSetting

For API version and kind, please refer to: https://docs.tetrate.io/service-bridge/latest/en-us/reference

Options

      --org string                  Organization the object belongs to
--tenant string Tenant the object belongs to
--cluster string Cluster the object belongs to
-w, --workspace string Workspace the object belongs to
-g, --group string Group the object belongs to
-t, --trafficgroup string Traffic group the object belongs to
-s, --securitygroup string Security group the object belongs to
-l, --gatewaygroup string Gateway group the object belongs to
-i, --istiointernalgroup string Istio internal group the object belongs to
-a, --application string Application the object belongs to
--api string API the object belongs to
-o, --output-type string Response output type: table, yaml, json (default "table")
--max-logs int32 Maximum number of entries to retrieve
--text string Filter events that contain the given text
--kind apiVersion/kind Only return entries of this kind. It can be apiVersion/kind or just `kind`
--severity string Filter events by severity
--operation string Filter events by operation
--user string Filter events generated by the given user
--since string Filter events since the given time. Must be in the format: "2006/01/02 15:04:05"
--recursive Get audit logs for child resources as well
-h, --help help for audit

Options inherited from parent commands

  -c, --config string               Path to the config file to use. Can also be
specified via TCTL_CONFIG env variable. This flag
takes precedence over the env variable.
--debug Print debug messages for all requests and responses
--disable-tctl-version-warn If set, disable the outdated tctl version warning. Can also be
specified via TCTL_DISABLE_VERSION_WARN env variable.
-p, --profile string Use specific profile (default "default")