Audit event log

Written by

Data schema

The format of entries in the audit log is universal for all operations. The values of some fields are determined by the source service and the event type.

An event object is the service resource that the operation is performed with. An event subject is an account on behalf of which the operation is performed.

Data schema

[{
  "event_id": string,
  "event_source": string,
  "event_type": string,
  "event_time": string,
  "authentication": {
    "authenticated": boolean,
    "subject_type": string,
    "subject_id": string,
    "subject_name": string
  },
  "authorization": {
    "authorized": boolean
  },
  "resource_metadata": {
    "cloud_id": string,
    "cloud_name": string,
    "folder_id": string,
    "folder_name": string
  },
  "request_metadata": {
    "remote_address": string,
    "user_agent": string,
    "request_id": string
  },
  "event_status": string,
  "details": {
    object
  }
}]

Field	Description
`event_id`	string Event ID.
`event_source`	string Name of the event source service.
`event_type`	string Event type. Determined by the event source service. For more information, see Event reference.
`event_time`	string The time the event occurred.
`authentication`	object Authentication data of the event subject.
`authentication.authenticated`	boolean Authentication result. Possible values: `true`: Authentication successful. `false`: Authentication failed.
`authentication.subject_type`	string Subject type. Possible values: `YANDEX_PASSPORT_USER_ACCOUNT`: A Yandex account. `SERVICE_ACCOUNT`: A service account. `FEDERATED_USER_ACCOUNT`: A federated account.
`authentication.subject_id`	string Subject ID.
`authentication.subject_name`	string Subject name.
`Authorization`	object Authorization data of the event subject.
`authorization.authorized`	boolean Authorization result. Possible values: `true`: Authorization successful. `false`: Authorization failed.
`resource_metadata`	object Metadata of the event object.
`resource_metadata.cloud_id`	string Cloud ID.
`resource_metadata.cloud_name`	string Cloud name.
`resource_metadata.folder_id`	string Folder ID.
`resource_metadata.folder_name`	string Folder name.
`request_metadata`	object Details of a query triggering the event.
`request_metadata.remote_address`	string IP address of an event subject.
`request_metadata.user_agent`	string User-agent of an event subject.
`request_metadata.request_id`	string Query ID.
`event_status`	string Event status. Determined by the source service and the event type. Possible values: `STARTED`: Operation started. `ERROR`: Operation failed. `DONE`: Operation successful. `CANCELLED`: Operation canceled.
`details`	object Event details. Determined by the source service and the event type.