---
title: "Monitor Teleport with Datadog"
description: "Learn how you can monitor the health and performance of your Teleport services and audit their activity."
author: "Shanel Huang, Mallory Mooney"
date: 2024-06-28
tags: ["log management", "security", "cloud siem", "teleport", "audit logs"]
blog_type_id: the-monitor
locale: en
---

The [Teleport Access Platform](https://www.goteleport.com) delivers on-demand, least-privileged access to infrastructure (for SSH, Kubernetes, RDP, Web, databases, and clouds) on a foundation of cryptographic identity and zero trust, which eliminates the attack surfaces of both shared secrets and standing privileges. Teleport also improves the efficiency of engineering teams, makes infrastructure resilient to human error, improves compliance and audit reporting, and defends infrastructure and applications against identity provider compromise.

We're excited to announce our [Agent-based integration](https://docs.datadoghq.com/integrations/teleport.md) with the Teleport platform, enabling you to easily [monitor your Teleport services](#monitor-teleport-services) and [audit user session activity](#closely-audit-user-sessions).

## Monitor Teleport services

The primary components of a Teleport cluster—the [auth and proxy services and agents](https://goteleport.com/how-it-works/#:~:text=Teleport%20architecture)—all need to run efficiently in order to keep your infrastructure secure. If one of these components fails, your users may not be able to access your infrastructure, and its internal resources may become vulnerable to threats. Datadog's Teleport integration collects a [suite of metrics](https://docs.datadoghq.com/integrations/teleport.md#data-collected) for monitoring the health and performance of each critical service, which you can visualize in an out-of-the-box dashboard.

![Teleport Dashboard](https://web-assets.dd-static.net/42588/1776304899-teleport-integration-teleport-dashboard.png)

The dashboard enables you to track any significant changes in key Teleport metrics. For example, a sudden spike in the number of failed login attempts could signify an issue with the auth service, which manages the Teleport cluster's local users and configuration resources. Conversely, a sudden high volume of concurrent sessions could indicate a brute-force attack against your servers. You can mitigate this kind of activity by modifying the cluster's `max_sessions` setting, which limits the number of sessions allowed for a single connection.

## Closely audit user sessions

Knowing who is accessing your infrastructure resources, such as Kubernetes clusters and databases, is another critical part of ensuring Teleport's performance and security. [Datadog Cloud SIEM](https://www.datadoghq.com/product/cloud-siem/) enables you to closely audit user sessions via Teleport audit logs and detect any unusual behavior. For example, you can create a custom signal via Datadog Cloud SIEM that surfaces spikes in the number of login attempts per workstation, which is a common starting point for attacks.

![Teleport Cloud SIEM signal](https://web-assets.dd-static.net/42588/1776304904-teleport-integration-datadog-cloud-siem-teleport-signal.png)

When Datadog detects an event like this, it will generate a security signal with relevant audit logs, which include the necessary information for investigation, such as the user's overall network activity, code execution, and file transfers. This data can help you determine if an attacker is using a workstation to access servers. You can also create custom security signals to automatically detect other types of activity captured in audit logs, giving you comprehensive monitoring coverage for your Teleport services.
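The spike-in-login-attempts detection described above can be prototyped offline before it is turned into a Cloud SIEM rule. The following is an added example, not code from Datadog or Teleport: `login_spikes`, `SAMPLE_LOG` and the sample events are constructed for illustration, the source address stands in for the workstation, and the field names (`event`, `success`, `time`, `addr.remote`) are assumed to match Teleport's JSON audit log.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit events (not real logs). Field names are assumed
# to match Teleport's JSON audit log; addresses are documentation ranges.
def _login(ts, addr, ok):
    return json.dumps({"event": "user.login", "time": f"2024-06-28T{ts}Z",
                       "success": ok, "addr.remote": addr})

SAMPLE_LOG = [
    _login("10:00:01", "203.0.113.7:50112", False),
    _login("10:00:09", "203.0.113.7:50113", False),
    _login("10:00:15", "203.0.113.7:50114", False),
    _login("10:00:22", "203.0.113.7:50115", False),
    _login("10:00:30", "203.0.113.7:50116", False),
    _login("10:09:00", "203.0.113.7:50117", False),   # outside the first window
    _login("10:01:00", "198.51.100.4:41000", False),
    _login("10:01:20", "198.51.100.4:41001", True),   # typo, then success
    '{"event":"session.start","time":"2024-06-28T10:01:25Z"}',  # not a login
    '{"event":"user.login","time":"2024-06-',                   # truncated line
]

def login_spikes(lines, threshold=5, window=timedelta(minutes=5), failed_only=False):
    """Return {source: peak login attempts seen inside one sliding window}."""
    attempts = []
    for line in lines:
        try:
            e = json.loads(line)
            ts = datetime.fromisoformat(e["time"].replace("Z", "+00:00"))
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # skip truncated, non-JSON or timestamp-less lines
        if e.get("event") != "user.login":
            continue
        if failed_only and e.get("success") is not False:
            continue
        src = str(e.get("addr.remote", "unknown")).rsplit(":", 1)[0]  # drop port
        attempts.append((ts, src))
    recent, peaks = defaultdict(deque), {}
    for ts, src in sorted(attempts):          # audit lines can arrive out of order
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:             # expire attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks
```

Running it with `failed_only=True` separates a burst of rejected logins from a user who mistyped a password once and then succeeded, which helps when choosing a threshold that does not fire on ordinary sign-in noise.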

## Stay on top of infrastructure access with Teleport and Datadog

With Datadog's Teleport integration, you can ensure that your Teleport services are working as expected. It also enables you to monitor access across your entire infrastructure, so you can detect and prevent any suspicious activity. Check out our documentation to learn more about [enabling the Teleport integration](https://docs.datadoghq.com/integrations/teleport.md) for the Datadog Agent. If you don't already have a Datadog account, you can sign up for a free 14-day trial.