Audits

Lenses records and stores audit logs of every change made on the platform. Whenever user do actions like: adding topic / editing connection / inserting data etc. there will be proof of that action in the form of an audit log.

  1. From the header bar menu, go to Admin panel.
  2. On the side navigation, select Logs under the audits section.

There is a possibility of sending audits to external system. Check links below.

Audit log

Audit log has following external format:

{
  "type":"",
  "action":"",
  "user":"",
  "timestamp":1627456619536,
  "resourceId": "",
  "resourceName": "",
  "content": {}
}

Where:

  1. type - describes a resource of the change made by the user.

  2. action - describes an action made on the resource (type).

  3. user - one performing the action.

  4. timestamp - timestamp (ms) of the action.

  5. resourceId - optional field relevant only for some actions (i.e., name of the topic in case of an action performed on the topic).

  6. resourceName - optional field relevant only for some actions (i.e., name of the schema in case of an action performed on the schema registry). Often has the same value as resourceId.

  7. content - map with additional data. Content heavily depends on resource, but often is empty.

Resource x Action matrix

The amount of uniq audit logs produced by Lenses can cause confusion, so below we present complete permutation of resources and action Lenses track on.

  1. TOPIC: ADD / REMOVE / UPDATE
  2. TOPIC_REQUEST: REJECTED / FAILED / APPROVED / REQUESTED
  3. TOPIC_DATA: REMOVE / INSERT / UPDATE
  4. DATASET: VIEWED / UPDATE
  5. QUOTAS: ADD / REMOVE
  6. ACL: ADD / REMOVE
  7. SCHEMA: REMOVE / ADD / UPDATE
  8. PROCESSOR: ADD / REMOVE / STOPPED / STARTED / SCALED
  9. CONNECTOR: REMOVE / RESTARTED / ADD / PAUSED / UPDATE / STARTED
  10. CONSUMER_OFFSET: UPDATE
  11. DATA_POLICIES: ADD / UPDATE / REMOVE
  12. USER_MANAGEMENT_GROUP: ADD / UPDATE / REMOVE
  13. USER_MANAGEMENT_USER: ADD / UPDATE / REMOVE
  14. USER_MANAGEMENT_SERVICE_ACCOUNT: ADD / UPDATE / REMOVE
  15. LENSES: REMOVE
  16. USER: LOGIN / LOGOUT
  17. CONNECTION: ADD / VIEWED / REMOVE / UPDATE
  18. ALERT_EVENT: REMOVE
  19. ALERT_RULE: STARTED / STOPPED / UPDATE / ADD / REMOVE
  20. ALERT_CHANNEL: ADD / UPDATE / PATCH / REMOVE
  21. AUDIT_CHANNEL: ADD / UPDATE / PATCH / REMOVE
  22. EXTERNAL_APP: ADD / UPDATE / REMOVE
  23. TOPIC_SETTINGS: UPDATE

Notes:

LENSES: REMOVE - audit logged when user deletes old audit logs (API / CLI).

ALERT_EVENT: REMOVE - audit logged when user deletes old alert events (API / CLI).

Additional info

About audit channels .