# Configure Audit Logging To enable audit logging, configure audit log settings in the `globalVariables` section of your cluster custom resource (CR). Add the audit log configuration to your `sdb-cluster.yaml`: ```yaml apiVersion: memsql.com/v1alpha1 kind: MemsqlCluster metadata: name: sdb-cluster spec: license: adminHashedPassword: "" globalVariables: auditlog_level: ADMIN-ONLY auditlog_disk_sync: OFF auditlog_rotation_size: 134217728 auditlog_rotation_time: 3600 nodeImage: repository: singlestore/node tag: alma-8.7.10-28804d3b1b redundancyLevel: 2 aggregatorSpec: count: 2 cores: 8 memoryMB: 32768 storageGB: 256 leafSpec: count: 2 cores: 8 memoryMB: 32768 storageGB: 512 ``` Apply the configuration: ```yaml kubectl apply -f sdb-cluster.yaml ``` You can configure the following audit log variables: | Variable | Description | Default | Example | | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | -------------------------------- | | `auditlog_level` | Audit logging level. Refer to[Audit Logging Levels](https://docs.singlestore.com/db/v9.1/security/audit-logging/audit-logging-levels.md)for more information. | `OFF` | `ADMIN-ONLY`,`WRITES-ONLY`,`ALL` | | `auditlog_disk_sync` | Sync to disk after each write | `ON` | `OFF` | | `auditlog_retention_period` | Retention period (in days) for audit log files. A value of`0`retains log files on the server indefinitely. | `0` | `7`,`30`,`90` | | `auditlog_rotation_size` | Maximum log file size in bytes | `134217728` | `268435456` | | `auditlog_rotation_time` | Maximum time in seconds before rotation | `3600` | `7200` | ```sql SHOW GLOBAL VARIABLES LIKE 'audit%'; ``` Connect to your cluster and verify the settings: You can collect audit logs from your Kubernetes cluster using a Kubernetes Job. To automate report collection and upload to your storage backend, create a Kubernetes Job. This approach works with on-premises storage (NFS, local persistent volumes) and object storage systems (MinIO, S3-compatible storage). * Create storage credentials secret (one-time setup) For S3-compatible storage: ```shell kubectl create secret generic aws-credentials \ --from-literal=access-key-id=YOUR_ACCESS_KEY \ --from-literal=secret-access-key=YOUR_SECRET_KEY ``` For other storage backends, create appropriate secrets for your authentication method. * Create `cluster-collection-job.yaml` ```yaml apiVersion: batch/v1 kind: Job metadata: name: singlestore-report-collection spec: template: spec: serviceAccountName: tools containers: - name: report-collector image: singlestore/tools:latest command: ["/bin/bash", "-c"] args: - | # Collect the cluster report sdb-report collect-kube --cluster-name sdb-cluster --namespace default --output-path /tmp/report REPORT_FILE=$(ls -t /tmp/report/*.tar.gz | head -1) # Upload to S3-compatible object storage (e.g., MinIO) aws s3 cp $REPORT_FILE s3://${BUCKET_NAME}/cluster-reports/ --endpoint-url ${S3_ENDPOINT} # On-premises storage options: # - NFS: cp $REPORT_FILE /mnt/nfs/cluster-reports/ # - Local PV: cp $REPORT_FILE /mnt/storage/cluster-reports/ env: # S3-compatible storage configuration (e.g., MinIO) - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: name: storage-credentials key: access-key-id - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: name: storage-credentials key: secret-access-key - name: BUCKET_NAME value: "your-bucket-name" - name: S3_ENDPOINT value: "http://minio:9000" # Optional: mount on-premises storage # volumeMounts: # - name: nfs-storage # mountPath: /mnt/nfs # - name: local-storage # mountPath: /mnt/storage restartPolicy: Never # Optional: define on-premises volumes # volumes: # - name: nfs-storage # nfs: # server: your-nfs-server # path: /path/to/storage # - name: local-storage # hostPath: # path: /path/to/local/storage # type: Directory backoffLimit: 3 ``` * Run the job ```shell kubectl apply -f cluster-collection-job.yaml ``` * Check progress and view logs ```shell # Check job status kubectl get jobs # View logs kubectl logs job/singlestore-report-collection # Verify upload to external storage # For S3-compatible object storage (for example, MinIO): aws s3 ls s3:///cluster-reports/ --endpoint-url # For NFS or local persistent storage (from a mounted node or pod): ls /mnt/nfs/cluster-reports/ ``` * Clean up (optional) ```shell kubectl delete job singlestore-report-collection ``` > **📝 Note**: Ensure the tools service account has the required RBAC permissions. Refer to [Create and Apply the Tools RBAC](https://docs.singlestore.com/db/v9.1/reference/singlestore-operator-reference/monitor-your-kubernetes-cluster/configure-cluster-monitoring-with-the-operator/#section-idm4480543687164833586936016529.md) for more information. *** Modified at: April 15, 2026 Source: [/db/v9.1/reference/singlestore-operator-reference/configure-audit-logging/](https://docs.singlestore.com/db/v9.1/reference/singlestore-operator-reference/configure-audit-logging/) (An index of the documentation is available at /llms.txt)