Audit Log Events
Overview
As you and your team interact with Conduktor, audit events are captured that give a detailed tracking of actions taken against Kafka. This gives you centralized visibility of user-related and resource-related events. Audit log events.
The audit log events can be browsed, filtered and searched directly within Conduktor's UI or exported from a Kafka topic for any further use you may have for them, such as maintaining your own audit trail in other systems.
Clicking on an event in the audit log exposes event-specific metadata. The below example demonstrates an audit event for a new connector added, which can include metadata such as custom tags, the cluster, connector name and its ID.
Audit log events are also exported to a Kafka topic once configured with the right environment variables, here you can leverage all the benefits of Conduktor when finding a message.
Audit Events
Below outlines the audit events currently tracked by Conduktor.
Console
ResourceType: Topic
CRN: kafka:/cluster/<uuid>/topic/<topic-name>
- topic.ProducedRecord
- topic.Browsed
- topic.Deleted
- topic.Created
- topic.Updated
- topic.Emptied
- topic.Tagged
- topic.Untagged
ResourceType: Subject
CRN kafka:/cluster/<uuid>/subject/<subject-name>
- subject.Created
- subject.Updated
- subject.ChangedCompat
- subject.Deleted
- subject.DeletedVersions
- subject.DeletedVersion
ResourceType: SchemaRegistry
CRN kafka:/cluster/<uuid>
- registry.ChangedGlobalCompat
ResourceType: ConsumerGroup
CRN kafka:/cluster/<uuid>/group/<group-name>
- consumergroup.Created
- consumergroup.Updated (ResetOffsets)
- consumergroup.Deleted
ResourceType: Connector
CRN kafka:/cluster/<uuid>/connect/<connect-cluster-id>/<connector-name>
- connector.Created
- connector.Updated
- connector.Deleted
- connector.Restarted
- connector.RestartedTask
- connector.Paused
- connector.Resumed
Data Masking��
ResourceType: DatamaskingPolicy
CRN platform:/datamasking/<uuid>
- policy.Upserted
- policy.Deleted
Self-Service
ResourceType: Application
CRN platform:/application/<app-slug>
- application.Created
- application.Deleted
- application.Updated
- application.access-request.Approved from / to
- application.access-request.Rejected
Admin
ResourceType: Cluster
CRN kafka:/cluster/<uuid>
- cluster.Created
- cluster.Updated
- cluster.Deleted
ResourceType: Group
CRN platform:/group/<uuid>
- group.Created
- group.member.Added
- group.member.Deleted
- group.permission.Added
- group.permission.Deleted
ResourceType: User
CRN platform:/user/<email>
- user.Login
- user.permission.Added
- user.permission.Deleted
- user.platform_role.Updated
Exportable Audit Log Events
Audit log events from within the UI are being superceeded by a new set of audit log events that are exportable from a Kafka topic. The exportable audit log events have more detail, providing additional information about the event that has taken place.
Learn how to configure audit events for export via configuration properties.
The events conform to the CloudEvents specification, a vendor-neutral format that follows the following structure:
{
"specversion" : "1.0",
"type" : "com.github.pull_request.opened",
"source" : "https://github.com/cloudevents/spec/pull",
"subject" : "123",
"id" : "A234-1234-1234",
"time" : "2018-04-05T17:31:00Z",
"comexampleextension1" : "value",
"comexampleothervalue" : 5,
"datacontenttype" : "text/xml",
"data" : "<much wow=\"xml\"/>"
}
An example Conduktor event would look like:
{
"source": "//kafka/kafkacluster/production/topic/website-orders",
"data": {
"eventType": "Kafka.Topic.Create",
// Additional event specific data...
"metadata": {
"name": "website-orders",
"cluster": "production"
}
// Additional event specific metadata...
},
"datacontenttype": "application/json",
"id": "ad85122c-0041-421e-b04b-6bc2ec901e08",
"time": "2024-10-10T07:52:07.483140Z",
"type": "AuditLogEventType(Kafka,Topic,Create)",
"specversion": "1.0"
}
Below is the list of all the exported audit log event types, that are currently available. We are expanding the coverage to UI events and more in subsequent releases.
Kafka-Related Events
| Event Type | Description |
|---|---|
| Kafka.Subject.Create | Kafka subject is created. |
| Kafka.Subject.Update | Kafka subject is updated. |
| Kafka.Subject.Delete | Kafka subject is deleted. |
| Kafka.Subject.ChangeCompatibility | Kafka subject compatibility is changed |
| Kafka.Topic.Create | Kafka topic is created. |
| Kafka.Topic.Update | Kafka topic is updated. |
| Kafka.Topic.Delete | Kafka topic is deleted. |
| Kafka.Topic.Empty | Kafka topic is emptied. |
| Kafka.Topic.Browse | Kafka topic is browsed. |
| Kafka.Topic.ProduceRecord | Kafka topic record is produced. |
| Kafka.Topic.SqlQuery | Kafka topic is requested through Console SQL. |
| Kafka.Connector.Create | Kafka connector is created. |
| Kafka.Connector.Update | Kafka connector is updated. |
| Kafka.Connector.Delete | Kafka connector is deleted. |
| Kafka.Connector.Restart | Kafka connector is restarted. |
| Kafka.Connector.TaskRestart | Kafka connector task is restarted. |
| Kafka.Connector.Pause | Kafka connector is paused. |
| Kafka.Connector.Resume | Kafka connector is resumed. |
| Kafka.Connector.AutoRestartActivate | Kafka connector auto-restart is activated. |
| Kafka.Connector.AutoRestartStop | Kafka connector auto-restart is stopped. |
| Kafka.ConsumerGroup.Duplicate | Kafka consumer group is duplicated. |
| Kafka.ConsumerGroup.Update | Kafka consumer group is updated, when the offset is reset. |
| Kafka.ConsumerGroup.Delete | Kafka consumer group is deleted. |
IAM-Related Events
| Event Type | Description |
|---|---|
| Iam.User.Create | IAM user is created. |
| Iam.User.Update | IAM user is updated. |
| Iam.User.Delete | IAM user is deleted. |
| Iam.User.Login | IAM user logs in. |
| Iam.User.Logout | IAM user logs out. |
| Iam.Group.Create | IAM group is created. |
| Iam.Group.Update | IAM group is updated. |
| Iam.Group.Delete | IAM group is deleted. |
SelfService-Related Events
| Event Type | Description |
|---|---|
| SelfService.Application.Create | Self-service application is created. |
| SelfService.Application.Update | Self-service application is updated. |
| SelfService.Application.Upsert | Self-service application is created or updated. |
| SelfService.Application.Delete | Self-service application is deleted. |
| SelfService.ApplicationInstance.Create | Self-service application instance is created. |
| SelfService.ApplicationInstance.Update | Self-service application instance is updated. |
| SelfService.ApplicationInstance.Delete | Self-service application instance is deleted. |
| SelfService.ApplicationGroup.Create | Self-service application group is created. |
| SelfService.ApplicationGroup.Update | Self-service application group is updated. |
| SelfService.ApplicationGroup.Delete | Self-service application group is deleted. |
| SelfService.ApplicationPolicy.Create | Self-service application policy is created. |
| SelfService.ApplicationPolicy.Update | Self-service application policy is updated. |
| SelfService.ApplicationPolicy.Delete | Self-service application policy is deleted. |
| SelfService.ApplicationInstancePermission.Create | Permissions are created for an app instance. |
| SelfService.ApplicationInstancePermission.Delete | Permissions are deleted for an app instance. |
Admin-Related Events
| Event Type | Description |
|---|---|
| Admin.KafkaConnect.Create | Admin creates a Kafka Connect instance. |
| Admin.KafkaConnect.Update | Admin updates a Kafka Connect instance. |
| Admin.KafkaConnect.Delete | Admin deletes a Kafka Connect instance. |
| Admin.KsqlDB.Create | Admin creates a KsqlDB instance. |
| Admin.KsqlDB.Update | Admin updates a KsqlDB instance. |
| Admin.KsqlDB.Delete | Admin deletes a KsqlDB instance. |
| Admin.KafkaCluster.Create | Admin creates a Kafka cluster. |
| Admin.KafkaCluster.Update | Admin updates a Kafka cluster. |
| Admin.KafkaCluster.Delete | Admin deletes a Kafka cluster. |