Audit Logging

Retrieving auditing information for core PCD services

Overview

Audit logs in Private Cloud Director let users view the actions that have taken place in their environment. Currently, audit logging is enabled for the following services:

  • Identity

  • Compute

  • Networking

Audit Log Retrieval for Admin Users

Admin users can now retrieve audit logs directly from the UI. To access the logs, navigate to Settings (gear icon) and select Audit Logs within the Private Cloud Director UI.

Mandatory Filters

When accessing audit logs, the following filters must be specified:

  • Region

  • Domain

  • Tenant

  • Service

By default, logs from the past 24 hours are retrieved. Additional filters, such as a custom time range, are available by enabling the Use Optional Filters toggle.

Downloading Audit Logs

Clicking the Download Logs button will download the logs as a .ndjson file, containing one JSON object per line. An example format is shown below:

Fields that cannot be populated will display as unknown, and UUID fields will be represented as 00000000-0000-0000-0000-000000000000.
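The sketch below is an added example, not code from Private Cloud Director: it parses a downloaded .ndjson file and turns the two placeholder values described above into nulls, recording which fields were unpopulated so they are not mistaken for real identifiers in later analysis. The field names in the sample records are hypothetical and constructed for illustration; the code itself does not depend on any particular schema.

```python
import json

NIL_UUID = "00000000-0000-0000-0000-000000000000"
PLACEHOLDERS = {"unknown", NIL_UUID}  # the two sentinel values the page describes


def scrub(value, path, missing):
    """Replace sentinel strings with None, recording the dotted path of each one."""
    if isinstance(value, dict):
        return {k: scrub(v, f"{path}.{k}" if path else k, missing) for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v, f"{path}[{i}]", missing) for i, v in enumerate(value)]
    if isinstance(value, str) and value in PLACEHOLDERS:
        missing.append(path)
        return None
    return value


def load_audit_ndjson(lines):
    """Return (records, bad_lines); a record is (line_no, cleaned_dict, missing_paths)."""
    records, bad_lines = [], []
    for line_no, line in enumerate(lines, start=1):
        if not line.strip():
            continue  # tolerate blank lines and a trailing newline
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            obj = None  # e.g. a line cut short by an interrupted download
        if not isinstance(obj, dict):
            bad_lines.append(line_no)  # keep the line number for follow-up
            continue
        missing = []
        records.append((line_no, scrub(obj, "", missing), missing))
    return records, bad_lines


# Constructed sample; field names are hypothetical, not the product's schema.
SAMPLE = """\
{"service": "compute", "action": "create", "user": "alice", "resource_id": "00000000-0000-0000-0000-000000000000"}
{"service": "compute", "action": "delete", "user": "unknown", "resource_id": "3f2c9d1e-8a47-4b6e-9c55-0d1e2f3a4b5c"}
{"service": "networking", "action": "update", "target": {"id": "unknown"}
""".splitlines()

if __name__ == "__main__":
    records, bad = load_audit_ndjson(SAMPLE)
    for line_no, rec, missing in records:
        print(line_no, rec["action"], "unpopulated:", missing or "none")
    print("unparseable lines:", bad)
```

To process a real download, pass the open file object to `load_audit_ndjson` in place of `SAMPLE`.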

Audit Capabilities and Known Issues

Currently, auditing is enabled for compute, networking, and identity services, with more detailed capabilities planned for future releases. Note the following known issue:

  • Resource IDs are not populated during the creation of a resource. Subsequent actions will display the resource ID correctly.

Deployment Options for Audit Logs

Several parameters can be set through deployment options to configure audit logging:

  • audit_pvc_size: Size of the PVC associated with the audit database (default: 5Gi)

  • audit_pvc_sc: Storage class associated with the audit PVC (default: pcd-sc)

  • audit_retention_days: Number of days logs are retained (default: 7)

Example configuration:

More information on configuring options for Self Hosted PCD can be found here:

Storage Class Customisation

Audit Log Retrieval API

Audit logs can also be accessed via API. This is an admin-only endpoint.
