Forwarding Audit Logs
On this page
SingleStore Helios supports forwarding audit logs to third-party tools.
-
Amazon CloudWatch
-
Amazon S3
-
Azure Blob
-
Azure Log Analytics
-
Datadog
-
Kafka
-
Loki
-
New Relic
-
Slack
-
Splunk
See Outputs for a list of all the supported integrations.
Prerequisites
Contact SingleStore Support and provide the requested information to configure audit log forwarding.
Requirements
Here are the requirements for some common supported third-party integrations:
Amazon CloudWatch
-
Your AWS access key ID and secret access key.
-
log_: The name of the CloudWatch Log Group to send records to.group_ name -
log_: The name of the CloudWatch Log Stream to send records to.stream_ name -
region: The AWS region.
See Amazon CloudWatch for more information.
Amazon S3
-
Your AWS access key ID and secret access key.
-
bucket: The name of your S3 bucket. -
region: The AWS region of your S3 bucket.
See Amazon S3 for more information.
Datadog
-
apikey: Your Datadog API key. -
Host: The Datadog server to send logs to.
-
TLS: Enable/disable end-to-end security communications protocol.
See Datadog for more information.
Audit Log Formats
Audit logs are parsed and represented as JSON formatted records in third-party tools.
Each forwarded audit log record can have one of the following schema:
Schema for First Line
The first line of a log file describes the reason/action that resulted in the creation of a new log file:
{"id": "0","time": "2022-06-21 18:49:25.888","origin": "Log opened on MemSQL startup","version": "Format version 2","action": "Logging at level ADMIN-ONLY-INCLUDING-PARSE-FAILS"}
|
Field |
Description |
|---|---|
|
|
Represents the unique identifier for the log entry within the scope of a single log file. |
|
|
Specifies the local timestamp when the action/event occurred. |
|
|
Specifies the reason/event that resulted in the creation of the log file. |
|
|
Specifies the log format version. |
|
|
Specifies the reason/event that opened or rotated the log file. |
Schema for Login Attempt Logs
Each login attempt is logged in the following format:
{"id": "28179","endpoint": "node-37775b0a-6feb-4b61-98a7-master-0:3306","nodetype": "agg","threadid": "99996","username": "root","remotehost": "localhost","usergrant": "root@%","authtype": "password","status": "SUCCESS"}
|
Field |
Description |
|---|---|
|
|
Represents the unique identifier for the log entry within the scope of a single log file. |
|
|
Specifies the hostname or IP address of the SingleStore Heliosworkspace. |
|
|
Specifies the type of node. |
|
|
Specifies the ID of the thread that is running the statement. |
|
|
Specifies the username that is trying to log in. |
|
|
Specifies the hostname or IP address that the client is using to connect to the workspace. |
|
|
The |
|
|
Specifies the authentication method for the user, for example |
|
|
Indicates the |
Schema for General Entries
Queries are logged as general entries in the following format:
{"id": "28151","endpoint": "node-37775b0a-6feb-4b61-98a7-master-0:3306","nodetype": "agg","aggregatorid": "1","threadid": "99996","username": "root","database": "[unknown]","queryhash": "3505599087362974304","query": "GRANT CREATE LINK\\,DROP LINK\\,SHOW LINK ON *.* TO 'admin'"}
|
Field |
Description |
|---|---|
|
|
Represents the unique identifier for the log entry within the scope of a single log file. |
|
|
Specifies the hostname or IP address of the SingleStore Heliosworkspace. |
|
|
Specifies the type of node. |
|
|
Specifies the ID of the aggregator that is running the query. |
|
|
Specifies the ID of the thread that is running the query. |
|
|
Specifies the username that is running the query. |
|
|
Specifies the database name. |
|
|
Specifies the unique hash of the query signature or the query text. |
|
|
Specifies the query signature or the query text. |
Last modified: November 28, 2022