Get started
Yandex Audit Trails

Audit event log

Written by

The format of entries in the audit log is universal for all operations. The values of some fields are determined by the source service and the event type.

An event object is the service resource that the operation is performed with. An event subject is an account on behalf of which the operation is performed.

Data schema

[{
  "event_id": string,
  "event_source": string,
  "event_type": string,
  "event_time": string,
  "authentication": {
    "authenticated": boolean,
    "subject_type": string,
    "subject_id": string,
    "subject_name": string
  },
  "authorization": {
    "authorized": boolean
  },
  "resource_metadata": {
    "cloud_id": string,
    "cloud_name": string,
    "folder_id": string,
    "folder_name": string
  },
  "request_metadata": {
    "remote_address": string,
    "user_agent": string,
    "request_id": string
  },
  "event_status": string,
  "details": {
    object
  }
}]
Field Description
event_id string
Event ID.
event_source string
Name of the event source service.
event_type string
Event type. Determined by the event source service. For more information, see Event reference.
event_time string
The time the event occurred.
authentication object
Authentication data of the event subject.
authentication.authenticated boolean
Authentication result. Possible values:
  • true: Authentication successful.
  • false: Authentication failed.
authentication.subject_type string
Subject type. Possible values:
  • YANDEX_PASSPORT_USER_ACCOUNT: A Yandex account.
  • SERVICE_ACCOUNT: A service account.
  • FEDERATED_USER_ACCOUNT: A federated account.
authentication.subject_id string
Subject ID.
authentication.subject_name string
Subject name.
Authorization object
Authorization data of the event subject.
authorization.authorized boolean
Authorization result. Possible values:
  • true: Authorization successful.
  • false: Authorization failed.
resource_metadata object
Metadata of the event object.
resource_metadata.cloud_id string
Cloud ID.
resource_metadata.cloud_name string
Cloud name.
resource_metadata.folder_id string
Folder ID.
resource_metadata.folder_name string
Folder name.
request_metadata object
Details of a query triggering the event.
request_metadata.remote_address string
IP address of an event subject.
request_metadata.user_agent string
User-agent of an event subject.
request_metadata.request_id string
Query ID.
event_status string
Event status. Determined by the source service and the event type. Possible values:
  • STARTED: Operation started.
  • ERROR: Operation failed.
  • DONE: Operation successful.
  • CANCELLED: Operation canceled.
details object
Event details. Determined by the source service and the event type.