Audit log for tctl clients and workers

I’m trying to figure out how provide a mechanism for auditing and in particular I have some doubts:

  • is there a “login” for the use of tctl cli (I’m thinking to ldap)? And in this case is possible to audit it on server (when and what user has logged in/out)?
  • is there a similar mechanism for workers (what worker has triggered what)?
  • these audit information can be retrieved from server log?

Just in case the logic is already implemented could you provide me some pointers to go code example?

Great thanks for your time and support