Stream Astra DB audit logs

Stream your Astra DB audit logs through Astra Streaming to an external system.

To enable audit log streaming, you must do one of the following:

Create an Astra Streaming topic for audit logs

Audit log streaming requires a streaming tenant in the AWS us-east-2 region. You can create a new tenant with the Astra Streaming quickstart or use an existing Astra Streaming tenant.

  1. In the Astra Portal, go to Streaming.

  2. Select an existing tenant or create a streaming tenant in AWS us-east-2, and then create a namespace and topic in the tenant.

    For more information about creating tenants, namespaces, and topics, see Astra Streaming quickstart.

  3. On the Namespace and Topics page, click the new topic, and then copy the topic’s Full Name, such as persistent://aws-us-east-2-mk/NAMESPACE_NAME/TOPIC_NAME.

  4. If necessary, create additional audit log topics, and then record the Full Name for each topic. You can use topics to organize audit logs by event type or other criteria.

  5. In the Astra Portal, go to Streaming, and then click your audit log streaming tenant.

  6. On the Connect tab, click Download client.conf.

  7. To finalize the configuration, do one of the following:

Configure audit log streaming with the DevOps API

You can use the Astra DB DevOps API telemetry endpoint to configure audit log streaming instead of providing the configuration details to DataStax Support.

  1. In the Astra Portal, create an application token with the Organization Administrator role.

  2. Create the audit log streaming configuration using the values from the tenant’s client.conf file and your Pulsar configuration:

    curl -sS --location -X POST "https://api.astra.datastax.com/v2/organizations/ORG_ID/telemetry/auditLogs" \
--header "Authorization: Bearer APPLICATION_TOKEN" \
--header "Accept: application/json"
--data '{
  "pulsar": {
    "endpoint": "pulsar+BROKER_SERVICE_URL",
    "auth_strategy": "token",
    "topic": "TOPIC_FULL_NAME",
    "auth_name": "token",
    "token": "PULSAR_AUTHENTICATION_TOKEN"
  }
}'

    Replace the following:

    • ORG_ID: Your Astra DB organization ID.

    • APPLICATION_TOKEN: Your Astra DB application token.

    • BROKER_SERVICE_URL: The Astra Streaming broker service URL, such as ssl://pulsar-aws-useast2.streaming.datastax.com:6651.

    • TOPIC_FULL_NAME: The full name of the Astra Streaming topic where you want to stream audit logs.

    • The auth_strategy and other authentication details depend on your Pulsar configuration.

      Response 
      HTTP/1.1 202 Accepted

  3. Retrieve and verify the audit log streaming configuration:

    curl -sS --location -X GET "https://api.astra.datastax.com/v2/organizations/ORG_ID/telemetry/auditLogs" \
--header "Authorization: Bearer APPLICATION_TOKEN" \
--header "Accept: application/json"
    Response 
    {
  "pulsar": {
    "endpoint": "pulsar+ssl://pulsar-aws-useast2.streaming.datastax.com:6651",
    "topic": "persistent://aws-us-east-2-mk-2/default/audit-log",
    "auth_strategy": "token",
    "token": "********",
    "auth_name": "token"
  }
}

Delete an audit log streaming configuration

To delete an audit log streaming configuration, send a DELETE request.

Was this helpful?

Edit this page

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com