TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 04:37:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs(features): clean up audit trail feature (#8018)

Browse Source 
# Which Problems Are Solved

duplicated content

# How the Problems Are Solved

reference to primary conent
This commit is contained in:
mffap
2024-05-27 13:04:59 +02:00
committed by GitHub
parent cff0f73e24
commit e3cdf76439
1 changed files with 11 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
docs/docs/concepts/features/audit-trail.md
View File

@@ -14,6 +14,15 @@ This form of audit log has several benefits over storing classic audit logs.
You can view past data in-context of the whole system at a single point in time. You can view past data in-context of the whole system at a single point in time.
Reviewing a past state of the application can be important when tracing an incident that happened months back. Moreover the eventstore provides a truly complete and clean audit log. Reviewing a past state of the application can be important when tracing an incident that happened months back. Moreover the eventstore provides a truly complete and clean audit log.
:::info Future Plans
There will be three major areas for future development on the audit data
- [Metrics](https://github.com/zitadel/zitadel/issues/4458) and [standard reports](https://github.com/zitadel/zitadel/discussions/2162#discussioncomment-1153259)
- [Feedback loop](https://github.com/zitadel/zitadel/issues/5102) and threat detection
- Forensics and replay of events
:::
## Accessing the Audit Log ## Accessing the Audit Log
### Last changes of an object ### Last changes of an object
@@ -42,24 +51,6 @@ Access to the API is possible with a [Service User](/docs/guides/integrate/servi
## Using logs in external systems ## Using logs in external systems
You can use the [Event API](#event-api) to pull data and ingest it in an external system. You can use the events from the audit log in external systems such as a SOC/SIEM solution.
[Actions](actions.md) can be used to write events to the stdout and [process the events as logs](../../self-hosting/manage/production#logging). Follow our guide on how to [integrate ZITADEL with external systems for streaming events and audit logs](/docs/guides/integrate/external-audit-log).
Please refer to the zitadel/actions repository for a [code sample](https://github.com/zitadel/actions/blob/main/examples/post_auth_log.js).
You can use your log processing pipeline to parse and ingest the events in your favorite analytics tool.
It is possible to send events directly with an http request to an external tool.
We don't recommend this approach since this would create back-pressure and increase the overall processing time for requests.
:::info Scope of Actions
At this moment Actions can be invoked on certain events, but not generally on every event.
This is not a technical limitation, but a [feature on our backlog](https://github.com/zitadel/zitadel/issues/5101).
:::
## Future plans
There will be three major areas for future development on the audit data
- [Metrics](https://github.com/zitadel/zitadel/issues/4458) and [standard reports](https://github.com/zitadel/zitadel/discussions/2162#discussioncomment-1153259)
- [Feedback loop](https://github.com/zitadel/zitadel/issues/5102) and threat detection
- Forensics and replay of events