ContextQMD
Back to Airbyte

Audit logging

docusaurus/platform_versioned_docs/version-2.0/enterprise-setup/audit-logging.md

2.0.04.1 KB
Original Source

import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem';

Audit logging

Audit logging gives you visibility into data, environment, user, and permission changes. This data ensures you have records of any unauthorized changes and insider threats, making it easy to continue meeting your compliance obligations while using Airbyte.

What Airbyte logs

EventLogged operations
ConnectionsCreate, Update, Delete
SourcesCreate, Update, Delete, Partial Update, Upgrade Version
DestinationsCreate, Update, Delete, Partial Update, Upgrade Version
OrganizationsCreate, Update, Delete
WorkspacesCreate, Update, Delete, Update Name, Update Organization
PermissionsCreate, Update, Delete
UsersCreate, Update, Delete

How it works

You set up a blob storage solution to store audit logs. Then, you use Airbyte's values.yaml file to configure that storage solution in Airbyte. Once enabled, Airbyte writes audit logs to the /audit-logging/ directory as JSON files. These files have the following naming convention: <yyyyMMddHHmmss>_<hostname>_<random UUID>. You can process these logs outside of Airbyte using any tool you like.

Log format

Here is an example log for a deleted workspace. Logs for all events follow this same basic format.

json
{
  "id": "8478fcbd-d369-4bda-8d9b-b782cea5ad40",
  "timestamp": 1746724563299,
  "actor": {
    "actorId": "1c26c465-58h8-43e6-8jko-2252b7g8a9e2",
    "email": "[email protected]",
    "ipAddress": "192.000.000.0",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
  },
  "operation": "deleteWorkspace",
  "request": "<request object>",
  "response": "<response object>",
  "success": true,
  "errorMessage": null
}

Enable logging

Self-Managed Enterprise

To enable logging, set up a blob storage solution to store audit logs. Then, you use Airbyte's values.yaml file to configure that storage solution in Airbyte.

Step 1: Configure blob storage

Choose a new blob storage bucket with your chosen cloud provider (for example, AWS S3, GCS, or Azure Blob Storage). This bucket must be accessible by Airbyte's pods using the same credentials it uses to access your log and state storage.

Step 2: Configure audit logging in Airbyte

  1. Configure Airbyte to read from and write to that bucket by modifying your values.yaml file.

    <Tabs groupId="helm-chart-version"> <TabItem value='helm-1' label='Helm chart V1' default>
    yaml
    server:
  env_vars:
    AUDIT_LOGGING_ENABLED: true
    STORAGE_BUCKET_AUDIT_LOGGING: your-audit-logging-bucket
    </TabItem> <TabItem value='helm-2' label='Helm chart V2' default>
    yaml
    server:
  auditLoggingEnabled: true

storage:
  bucket:
    auditLogging: your-audit-logging-bucket-name-here
    </TabItem> </Tabs>

  2. Redeploy Airbyte.

    <Tabs groupId="helm-chart-version"> <TabItem value='helm-1' label='Helm chart V1' default>
    bash
    helm upgrade airbyte airbyte/airbyte \
  --namespace airbyte \   # Target Kubernetes namespace
  --values ./values.yaml  # Custom configuration values
    </TabItem> <TabItem value='helm-2' label='Helm chart V2' default>
    bash
    helm upgrade airbyte airbyte-v2/airbyte \
  --namespace airbyte-v2 \       # Target Kubernetes namespace
  --values ./values.yaml \       # Custom configuration values
  --version 2.x.x                # Helm chart version to use
    </TabItem> </Tabs>

Cloud

Airbyte implements audit logging on all Airbyte Cloud instances. You don't have access to these logs, but the Airbyte team can reference them if you need assistance with a security investigation.