Audit Logging
- Capella Operational
- concept
Audit logging is the process of recording and storing detailed logs of user and system activity within your application. This feature helps administrators track operational irregularities and supports regulatory and security compliance standards.
This page is for App Services Audit Logging. For Couchbase Capella Operational auditing, see Audit Events.
About Audit Logging
-
Audit Logs: Logs are structured in JSON format and capture essential details like who performed an action, what action was performed, when it occurred, and where the action took place. These logs are immutable once recorded and cannot be altered, ensuring the integrity of the records.
-
Configurability: Capella provides a high degree of flexibility, allowing administrators to enable, disable, and configure audit logging to fit their operational needs via the Management API.
-
Retrieving Audit Logs through Data Export and Streaming: Audit logs can be exported for download or streamed in real time to third-party observability platforms.
Configuring Audit Logging
Audit logging is an opt-in feature that you can enable and configure through the the Capella Operational Management API. Configuration options allow you to enable or disable audit logging, specify users whose actions will be excluded, and define which events will be captured, providing granular control over logging behavior.
Auditing Events
Audit logging provides robust control over event management:
-
Enable/Disable Audit Logging: Administrators can opt-in to enable or disable audit logging based on operational needs.
-
Filtering Events: By configuring the enabled event IDs, disabled users, or disabled roles, administrators can filter which events are logged and which users’ or roles’ actions are excluded from audit logging.
To see a list of available Audit Logs events and their corresponding IDs, see Audit Logging Events Reference. (Note that the bootstrap config and Admin API mentioned on the linked page do not apply to App Services. Use that page to determine which events you want to add to the App Services audit log.)
Retrieving Audit Logs
Audit logs are stored in Capella and are written in JSON-lines format. There is only one active audit log file at a time, which is periodically rotated. There are two ways to retrieve audit logs from Capella: through log export and zip download, or through real-time audit logs streaming.
Log Persistence
Couchbase does not guarantee the persistence of logs on Capella. To ensure that logs are retained for your required duration, it is recommended that you download them through logs export or retrieve them in real-time via streaming to a third-party platform or self-hosted log collector. |
Log Export and Download
Audit logs are exportable once they have been rotated. You can initiate the export of logs via the Capella Operational Management API by specifying a start and end date for the requested logs.
-
You can initiate multiple export jobs per App Service.
-
Each export job is assigned a unique ID.
-
When the export job status is ready, it returns a download URL. You can use this URL to download logs as a ZIP file from Amazon S3.
For details, see Export App Services Audit Logs.
Real-Time Audit Log Streaming
Capella App Services allows real-time streaming of audit logs to third-party observability platforms or self-hosted log collectors. This is managed via the Capella Operational Management API.
Supported Log Collector Providers:
-
Self-hosted collectors via HTTPS
For details, see Stream App Services Audit Logs.
Note that App Service audit log streaming is not the same as App Service log streaming, which allows real-time streaming of console logs to gain insights into the behavior of the application and has its own opt-in and configuration process.
Couchbase is not responsible for any third-party endpoints you configure. |
See Also
-
To manage App Services audit logs, see Manage Audit Logs.