Audit Logging

Note

Audit logging is available when using Enterprise edition, where logs can be streamed to, and accessed through, third-party audit tools.

SingleStore Helios logs activities on both the Control Plane and Data Plane. This feature is useful for performing common information security tasks such as auditing, investigating suspicious activity, and validating access control policies.

Audit Logging Architecture

Control Plane

The Control Plane logs actions performed in the Cloud Portal, for example, workspace management, user administration, authentication events, changes to Cloud Portal configuration, and more. These logs help administrators monitor changes to the infrastructure, ensure compliance with security policies, and investigate access-related events. Access Control Plane logs via the /auditlogs endpoint in the Management API.

Refer to Control Plane Audit Logs for more information.

Data Plane

The Data Plane logs database related operations, for example, queries, system responses, administrative operations, etc. Additionally, SingleStore provides multiple logging levels for the Data Plane, and each level provides limited or exhaustive information about user actions and database responses. These logs are essential for monitoring user activity, detecting abnormal behavior, and analyzing data access patterns. Data plane audit logs can be forwarded to and accessed using third-party audit tools.

Refer to Control Plane Audit Logs for more information.

In this section

Last modified: August 26, 2025

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined
  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined
  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
    cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
    --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
    --bundle undefined \
    --new-bundle-format -
    Verified OK