Audit Trail
Track changes to resources within BindPlane OP.
important
📘 Audit Trail is a BindPlane OP Enterprise Edition feature.
What is Audit Trail?
Audit Trail is a feature for BindPlane OP Enterprise Edition that creates a log of events that can be used for auditing resources that are created and modified within BindPlane OP. With the audit trail, you can keep track of changes to configurations, rollouts, and users in your account.
Configuration
The audit trail feature is automatically enabled in BindPlane OP Enterprise Edition.
Retention may be configured in your server config, by setting the auditTrail.retentionDays configuration option. In this example, events are configured to be retained for 60 days:
By default, the audit trail will retain audit events for 30 days.
Viewing Audit Events
Audit events can be viewed through either the UI or the CLI.
UI
The audit logs can be accessed by admins of the account by clicking the gear icon in the top right of the BindPlane UI, then on the Audit Logs option.
On the Audit Logs page, you will see the following:
- You can filter by the affected configuration. This input accepts both the configuration name, as well as the configuration name + version (e.g. myconfig:3 would filter out all logs except for ones affecting version 3 of myconfig).
- You can filter by the user whose action created the log.
- You can set the minimum date of logs to view.
- You can set the maximum date of logs to view.
- You can export and download the current view with all active filters to a CSV file.
Below, you will see a table of all audit events that match the current filters.
CLI
To retrieve audit events, the bindplane get audit-events command can be used.
In addition to the standard options for bindplane get, there are some extra parameters that may optionally be specified in order to filter the retrieved audit events:
| Flag | Description |
|---|---|
| --configuration | The name of the configuration to filter by |
| --max-date | The maximum date for the events filter, in the format of YYYYMMDDHHMMSS |
| --min-date | The minimum date for the events filter, in the format of YYYYMMDDHHMMSS |
| --user | The display name of the user who made the change to filter by |
For a full list of configuration flags, run the bindplane get audit-events --help command.
CLI Examples
Output Audit Events as CSV
Get All Audit Events Generated by a Specific User
Get All Audit Events for a Specific Configuration
Get All Audit Events for a Specific Configuration (with version)
Get All Audit Events for the Past Day
Types of Events
Currently, there are three categories of events that are logged to the audit trail.
Configuration Events
When a configuration is created or modified, an event is logged specifying which resource of the config was modified, along with the user that modified it. The following events may be emitted:
| Action | Resource Kind | Description |
|---|---|---|
| Created | Source | A new source of the type specified by the resource name has been added to the configuration. |
| Created | Processor | A new processor of the type specified by the resource name has been added to the configuration. |
| Created | Destination | A new destination of the type specified by the resource name has been added to the configuration. |
| Modified | Source | A source of the type specified by the resource name has been modified for the configuration. |
| Modified | Processor | A processor of the type specified by the resource name has been modified for the configuration. |
| Modified | Destination | A destination of the type specified by the resource name has been modified for the configuration. |
| Deleted | Source | A source of the type specified by the resource name has been removed from the configuration |
| Deleted | Processor | A processor of the type specified by the resource name has been removed from the configuration. |
| Deleted | Destination | A destination of the type specified by the resource name has been removed from the configuration. |
Rollout Events
When a new rollout is created, started, paused, or resumed, an event is logged for the configuration. The following events may be emitted:
| Action | Resource Kind | Description |
|---|---|---|
| Pending | Rollout | A new rollout has been created in a Pending state for the configuration. |
| Started | Rollout | A rollout has been started for the configuration. |
| Paused | Rollout | An in-progress rollout has been paused for the configuration. |
| Resumed | Rollout | A previously paused rollout has been resumed for the configuration. |
User Events
When users are added, removed, or modified to an account, an audit event is logged for that user. The following events may be emitted:
| Action | Resource Kind | Description |
|---|---|---|
| Created | User | The user specified by the resource name has been added to the account. |
| Modified | User | The user specified by the resource name has had their role changed to the role specified in the resource name. |
| Deleted | User | The user specified by the resource name has been removed from the account. |