Log Event References

These references contain information about each StrongDM log type: the fields they might include and what sort of values could be expected to be set for those fields.

Log Stream events are only available for Enterprise organizations who are using the Log Stream feature.

For logs that are being delivered via Log Stream, the following event types are present:

• Activities: Activities are logs of user and administrator activity within the StrongDM platform, including authentications with StrongDM, adding or configuring resources, managing nodes, and managing users.
• Queries: Queries are logs of actual queries and actions by users against resources.
• Replays: Replays are logs of SSH, RDP, or Kubernetes sessions that allow a session to be rendered and viewed.

For logs that are generated locally on nodes (gateways/relays) and viewed via a method other than Log Stream, the following event types are present:

• Start: Start events are logs of queries and actions by users against resources.
• Post Start: Post Start events are events that relate to Start events and record any necessary amendments to a query later in the connection in situations where that might be necessary, such as when a query is spread across multiple payloads.
• Complete: Complete events are events that relate to Start events and record the duration of a query and the amount of records returned.
• Replay Chunks: Replay Chunk events contain the information for a particular chunk of a replay, and are able to be compiled, rendered, and viewed as replays.

You can find resources and information about the following StrongDM topics in this section:

• Log Stream - Activities
• Log Stream - Queries
• Log Stream - Replays
• Node Logs - Complete
• Node Logs - Post Start
• Node Logs - Replay Chunks
• Node Logs - Start