Audit Log Storage

Audit logs can be configured to be stored in cloud storage such as S3 or ADLS Gen1.

Configuration Settings

The following configuration settings are used to configure audit log storage:

  • WATCHER_AUDIT_LOG_DST_DIR
  • WATCHER_S3_REGION
  • WATCHER_S3_ENCRYPT
  • WATCHER_AUDIT_UPLOAD_INTERVAL_SEC

Configuring Audit Log Storage on S3

To store audit logs on S3, you will need to have an S3 path where these logs will be stored. This should be done in the ODAS S3 Storage you created in the Prerequisites section.

An example configuration will have:

WATCHER_AUDIT_LOG_DST_DIR: s3://company/okera/audit
WATCHER_S3_REGION: us-east-1
WATCHER_S3_ENCRYPT: true

Configuring Audit Log Storage on ADLS Gen1

To store audit logs on ADLS Gen1, you will need to have an ADLS path where these logs will be stored. This should be done in the ODAS ADLS Storage you created in the Prerequisites section.

An example configuration will have:

WATCHER_AUDIT_LOG_DST_DIR: adl://<company>.azuredatalakestorage.net/odas/audit

Configuring Upload Intervals

By default, ODAS will upload audit logs every 5 minutes, but this can be modified by setting the WATCHER_AUDIT_UPLOAD_INTERVAL_SEC value to a different number of seconds.

For example, to configure ODAS to upload the audit logs every 15 seconds:

WATCHER_AUDIT_UPLOAD_INTERVAL_SEC: 15