© 2023 Intertech Services AG

Uploading organization audit logs to Data Streams

Written by
Yandex Cloud
  • Prepare the environment
  • Create a trail
  • What's next

Create a new trail to upload audit logs for all of an organization's resources to a Data Streams data stream.

Prepare the environment

To export organization audit logs:

  1. Create a data stream to upload audit logs.

  2. Create a service account.

  3. Assign roles to the service account:

    CLI

    If you don't have the Yandex Cloud command line interface yet, install and initialize it.

    The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

    • audit-trails.viewer for the organization whose audit logs will be collected:

      yc organization-manager organization add-access-binding \
        --role audit-trails.viewer \
        --id <organization ID> \
        --service-account-id <service account ID>
      

      Where:

      • role: The role assigned.
      • id: The ID of the organization from whose resources the audit logs will be collected.
      • service-account-id: The ID of your service account.
    • yds.writer for the folder to host the trail:

      yc resource-manager folder add-access-binding \
        --role yds.writer \
        --id <folder ID> \
        --service-account-id <service account ID>
      

      Where:

      • role: The role assigned.
      • id: The ID of the folder to host the trail.
      • service-account-id: The ID of your service account.
  4. On the Access bindings page, make sure you have the following roles:

    • iam.serviceAccounts.user for the service account.
    • audit-trails.editor for the folder to host the trail.
    • audit-trails.viewer for the organization whose audit logs will be collected.
    • yds.viewer for the Data Streams data stream.
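Before creating the trail, it is worth confirming that the service account holds exactly the two roles from step 3 and nothing broader. The following is an added example, not part of the original Yandex Cloud instructions: it parses the JSON printed by `yc organization-manager organization list-access-bindings --id <organization ID> --format json` and `yc resource-manager folder list-access-bindings --id <folder ID> --format json`. The `role_id` / `subject.id` / `subject.type` field layout is assumed from the CLI's usual output, and the function names, IDs and sample bindings are constructed for illustration.

```python
import json

# Roles the page assigns to the trail's service account, per scope.
REQUIRED = {"organization": {"audit-trails.viewer"}, "folder": {"yds.writer"}}


def roles_for(bindings_json, service_account_id):
    """Return the role IDs bound directly to the given service account."""
    roles = set()
    for binding in json.loads(bindings_json):
        subject = binding.get("subject", {})
        if (subject.get("type") == "serviceAccount"
                and subject.get("id") == service_account_id):
            roles.add(binding.get("role_id"))
    return roles


def check_trail_account(org_json, folder_json, service_account_id):
    """Report, per scope, roles that are missing and roles beyond the page's list.

    Only the bindings listed on each resource are inspected; "extra" marks
    roles to review against least privilege, not necessarily an error.
    """
    report = {}
    for scope, raw in (("organization", org_json), ("folder", folder_json)):
        granted = roles_for(raw, service_account_id)
        report[scope] = {
            "missing": sorted(REQUIRED[scope] - granted),
            "extra": sorted(granted - REQUIRED[scope]),
        }
    return report


# Constructed sample data (assumed output shape, made-up IDs).
SA = "aje-example-trail-sa"
ORG_SAMPLE = json.dumps([
    {"role_id": "audit-trails.viewer", "subject": {"id": SA, "type": "serviceAccount"}},
    {"role_id": "admin", "subject": {"id": "aje-example-user", "type": "userAccount"}},
])
FOLDER_SAMPLE = json.dumps([
    # Broad primitive role granted instead of yds.writer: flagged both ways.
    {"role_id": "editor", "subject": {"id": SA, "type": "serviceAccount"}},
])

if __name__ == "__main__":
    for scope, result in check_trail_account(ORG_SAMPLE, FOLDER_SAMPLE, SA).items():
        print(scope, result)
```
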

Create a trail

To create a trail that exports organization audit logs:

Management console
  1. In the management console, select the folder where you wish to host the trail.
  2. Select Audit Trails.
  3. Click Create trail and specify:
    • Name: The name of the trail being created.
    • Description: A description of the trail (optional).
  4. Under Filter, set up the audit log scope:
    • Resource: Select Organization.
    • Organization: An automatically populated field containing the name of the current organization.
  5. Under Destination, set up the destination object:
    • Destination: Data Streams.
    • Data stream: Select a data stream. You can also create a new data stream by clicking Create new and specifying the data stream settings.
  6. Under Service account, select the service account that the trail will use to upload audit log files to the data stream.
  7. Click Create.

The trail will be created and will begin uploading audit logs to the data stream.

What's next

  • Learn more about the audit log format.
  • Find out about the procedure for uploading audit logs to SIEM.
  • Learn more about searching audit logs in buckets.
