Yandex Audit Trails overview
Yandex Audit Trails allows you to collect audit logs at the configuration and service level for Yandex Cloud resources and upload them to Object Storage buckets, Data Streams streams, or Cloud Logging log groups:
- Uploading audit logs to a bucket.
- Uploading audit logs to Cloud Logging.
- Uploading audit logs to a data stream.
Collecting audit logs enables you to use analytical tools and promptly respond to Yandex Cloud events:
- Searching audit logs in a bucket.
- Searching audit logs in a log group.
- Exporting audit logs to SIEM systems.
- Alert settings in Yandex Monitoring.
Management audit logs
Audit Trails collects management event audit logs for the following Yandex Cloud services:
- Yandex Application Load Balancer
- Yandex Audit Trails
- Yandex Certificate Manager
- Yandex Cloud DNS
- Yandex Cloud Logging
- Yandex Compute Cloud
- Yandex Identity and Access Management
- Yandex Key Management Service
- Yandex Lockbox
- Yandex Managed Service for ClickHouse®
- Yandex Managed Service for GitLab
- Yandex Managed Service for MongoDB
- Managed Service for Kubernetes
- Yandex Managed Service for MySQL
- Yandex Managed Service for PostgreSQL
- Yandex Managed Service for Redis
- Yandex Network Load Balancer
- Yandex Object Storage
- Yandex Cloud Organization
- Yandex Resource Manager
- Yandex Virtual Private Cloud
- Yandex Managed Service for YDB
- Yandex Query
The following management events are logged:
- Logins by federated users
- Creating/deleting service accounts
- Creating/deleting keys of service accounts
- Editing user roles and service accounts
- Creating/deleting resources
- Editing resource settings
- Stopping/restarting a resource
- Changing access policies
- Creating/editing security groups
- Actions with encryption keys and secrets
Data audit logs
Audit Trails collects data event audit logs for the following Yandex Cloud services:
- Yandex Cloud DNS
- Yandex Lockbox
- Yandex Key Management Service
- Yandex Object Storage
- Yandex Managed Service for PostgreSQL
- Yandex Managed Service for MongoDB
- Yandex Managed Service for MySQL
Current service limits
The audit log does not capture authentication errors. For example, if a user makes an API call without an IAM token, this information will not be included in the audit logs.
The log captures authorization errors. For example, if a user attempts to create a resource without sufficient privileges, the log will include an error message.
The service has quotas and limits.
If you upload audit logs to a log group or a data stream, make sure their size is within both the Audit Trails limits and the Yandex Cloud Logging and Yandex Data Streams limits. If the limits are exceeded, the information in large audit log events will be incomplete.
We also recommend uploading audit logs to an Object Storage bucket.
Note
The retention period of audit logs in a trail with the Error status is limited. There is no guarantee that logs that are older than 28 days will be delivered once the trail returns to the Active status.
ClickHouse® is a registered trademark of ClickHouse, Inc.