Audit Logs
Accountability on the Ververica Platform is provided by the Audit Logs feature, which captures all user actions performed via the UI or via the API.
Specification
Audit Logs are defined as a set of Audit Actions. Each Audit Action has two parts, i.e. a) the metadata and b) the resource related to the action in JSON format.
Audit Logs are searchable via the UI by occurred time, user or API Token, and action taken.
Endpoints
The following endpoints are available for interacting with the persisted Audit Logs:
| URI | Method | Description |
|---|---|---|
| /api/v1/logs/ | GET | List all Audit Logs of a given window, delivered paged |
| /api/v1/logs/reports | GET | CSV/JSON report of the Audit Logs for a given window |
Audit Logs are persisted in the corresponding database for 180 days.
Disable Audit Logs
By default, Audit Logs are enabled on Ververica Platform version 2.12 and later. The logs can require a large amount of storage if there are many updates to deployments or other resources within the platform. If the feature needs to be disabled, add the following snippet to the Helm values.yaml file:
vvp:
  auditor:
    enabled: false
Additionally, audit logging for the appmanager and gateway can be disabled on an individual basis by setting the corresponding value for either component to "false". The example below disables the logs for appmanager while leaving the gateway enabled.
appmanager:
  env:
    - name: "vvp.auditor.enabled"
      value: "false"
gateway:
  env:
    - name: "vvp.auditor.enabled"
      value: "true"
By default, leaving value.auditor.enabled unspecified is equivalent to enabled: true.
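Because either setting above switches off the platform's record of user actions, it is worth checking deployed values for it. The following is an added example, not part of the Ververica documentation: it assumes the Helm values are available as JSON (for example from `helm get values <release> -o json`), the function names are hypothetical, and it reports every disabling setting without modelling precedence between the global and per-component settings.

```python
import json

AUDIT_KEY = "vvp.auditor.enabled"  # env name used on this page


def _is_false(value):
    """True for a YAML/JSON false or the string "false" in any case."""
    if isinstance(value, bool):
        return value is False
    return isinstance(value, str) and value.strip().lower() == "false"


def audit_log_findings(values):
    """Return a sorted list of Helm value settings that switch audit logging off."""
    findings = []
    vvp = values.get("vvp")
    auditor = vvp.get("auditor") if isinstance(vvp, dict) else None
    # Unspecified means enabled, so only an explicit false is a finding.
    if isinstance(auditor, dict) and _is_false(auditor.get("enabled")):
        findings.append("vvp.auditor.enabled=false (global)")
    for component in ("appmanager", "gateway"):
        section = values.get(component)
        env = section.get("env") if isinstance(section, dict) else None
        for entry in (env if isinstance(env, list) else []):
            if (isinstance(entry, dict) and entry.get("name") == AUDIT_KEY
                    and _is_false(entry.get("value"))):
                findings.append(f"{component}.env {AUDIT_KEY}=false")
    return sorted(findings)


# Constructed sample: the per-component example from this page, as JSON.
SAMPLE = json.loads("""
{
  "appmanager": {"env": [{"name": "vvp.auditor.enabled", "value": "false"}]},
  "gateway":    {"env": [{"name": "vvp.auditor.enabled", "value": "true"}]}
}
""")

if __name__ == "__main__":
    for finding in audit_log_findings(SAMPLE):
        print("AUDIT LOGGING DISABLED:", finding)
```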
Stream Audit Logs directly to Kafka
Ververica Platform Audit Logs can be streamed directly to a specified Kafka topic. This allows audit logs to be externalized, eliminating the need to access them through the Ververica Platform web UI or extract them via the REST API.
To integrate audit log data into an existing Kafka ecosystem, configure the Helm values.yaml file with the following annotation:
vvp:
  auditor:
    sync:
      enabled: true
      kafka:
        downstream-conf:
          topic: {your-audit-log-sync-topic}
          start-time: "1970-01-01T00:00:00+00:00"
          start-time-version: 1
        kafka:
          bootstrap-servers: {your-bootstrap-servers}
          producer:
            transaction-id-prefix: {your-transaction-id-prefix}
            key-serializer: org.apache.kafka.common.serialization.StringSerializer
            value-serializer: org.apache.kafka.common.serialization.StringSerializer
Replace {your-audit-log-sync-topic}, {your-bootstrap-servers}, and {your-transaction-id-prefix} with your specific environment values.
Note that Ververica Platform maintains the synchronization progress internally.
Increasing the start-time-version integer resets the internal synchronization progress and triggers synchronization of all logs audited from the time specified by start-time.