About the Audit Query API
Data Protection on Demand (DPoD) collects audit logs for Luna Cloud HSM Services. Users can generate audit log files and retrieve signed URLs for access to audit log files using the Audit Query API /v1/audit-log-exports endpoint and a set of Platform Credentials. Audit log files contain an array of audit logs which provide a record of the outcome of an action by an actor on a resource in a DPoD tenant.
DPoD provides a default audit log retention policy for all users. This policy retains all audit logs for one year (12 months).
Service Provider Administrators cannot access their tenant's audit logs. Tenant Administrators can access logs for all Luna Cloud HSM Services in their tenant. Application Owners can access logs for Luna Cloud HSM Services in their subscriber group.
Note
Audit logs are supported for Luna Cloud HSM Services using client version 10.2 or newer.
Example requests
See Generate Audit Log File and Retrieve Audit Log File in Using the APIs for example Audit Query API requests.
Tip
You cannot generate an audit log file larger than 1GB. If you are unable to generate an audit log file and are adhering to the maximum 31 day polling period, we recommend reducing the polling period, or filtering, to narrow the scope of your audit and generate smaller audit log files.
Audit logs
Audit logs provide a record of the outcome (status) of an action (action) by an actor (actorID) on a resource (resourceID). The audit log file is a .ZIP that contains a JSON list of audit logs.
The maximum retrievable file size for an audit log file .ZIP is 1mb. If you generate an audit log file .ZIP larger than 1mb you will be unable to download the file. We recommend using filtering when generating your audit log file to narrow the scope of your audit and produce smaller audit log files.
Caution
Filtering on the resource ID of a deleted service will fail. To access logs for a deleted service, do not filter on the resource ID; instead, generate a log file that includes all services.
Audit logs have the following format:
{
"time":"<logTime>",
"source":"<logSource>",
"resourceID":"<logResource>",
"actorID":"<logActor>",
"tenantID":"<logTenantId>",
"action":"<logAction>",
"status":"<logStatus>",
"traceID":"<traceID>",
"meta":{"<logMeta>"}
}
Common values
The following values are common and will appear in all DPoD audit logs:
Value | Description |
---|---|
"time" | The time of the action. A timestamp in RFC3339 format. If the use case records the audit log time to a fraction of a second DPoD counts those fractions of a second in microseconds. The timestamp takes the format <YYYY>-<MM>-<DD> <hour>:<minute>:<second>.<microsecond> UTC. |
"tenantID" | The GUID of the tenant that owns the log. |
"traceID" | A unique identifier for the audit log for tracking audit logs throughout the audit system. |
Use case specific values
The source, resourceID, actorID, action, status, and meta values have use case specific descriptions. Please see the use case specific audit log documentation for more information.
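
The following Python loader is an added example, not Thales or DPoD code. It reads a downloaded audit log .ZIP, checks each entry for the common values described above (time, tenantID, traceID), and returns a time-ordered list plus the entries that need review. It assumes the time form given in the table; the function names, the member name audit.json, and every sample ID, action and status value are constructed for illustration.

```python
import io, json, zipfile
from datetime import datetime, timezone

COMMON = ("time", "tenantID", "traceID")  # the page's "common values"

def parse_time(value):
    """Parse '<YYYY>-<MM>-<DD> <h>:<m>:<s>[.<microsecond>] UTC'; None if it does not fit."""
    for fmt in ("%Y-%m-%d %H:%M:%S.%f UTC", "%Y-%m-%d %H:%M:%S UTC"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            pass
    return None

def load_audit_logs(zip_bytes, expected_tenant):
    """Return (records sorted by time, problems) for an audit log .ZIP held in memory."""
    records, problems, seen = [], [], set()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():  # member names are not assumed
            for i, log in enumerate(json.loads(zf.read(name))):
                missing = [k for k in COMMON if k not in log]
                if missing:
                    why = f"missing {missing}"
                elif log["tenantID"] != expected_tenant:
                    why = "unexpected tenantID"
                elif log["traceID"] in seen:
                    why = "duplicate traceID"
                elif (when := parse_time(log["time"])) is None:
                    why = "unparseable time"
                else:
                    seen.add(log["traceID"])
                    records.append({**log, "time": when})  # time becomes an aware datetime
                    continue
                problems.append((name, i, why))
    return sorted(records, key=lambda r: r["time"]), problems

def sample_zip(tenant):
    """Constructed sample; every ID, action and status value is a placeholder."""
    rows = [("2024-01-02 10:00:01.000250 UTC", "t-2", "failure", tenant),
            ("2024-01-02 10:00:00 UTC", "t-1", "success", tenant),
            ("2024-01-02 10:00:02 UTC", "t-1", "success", tenant),  # duplicate traceID
            ("not-a-time", "t-3", "success", tenant),
            ("2024-01-02 10:00:04 UTC", "t-4", "success", "other-tenant")]
    keys = ("time", "traceID", "status", "tenantID")
    logs = [dict(zip(keys, r), actorID="actor-1", action="example-action") for r in rows]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("audit.json", json.dumps(logs))
    return buf.getvalue()
```

Calling `load_audit_logs(sample_zip("tenant-a"), "tenant-a")` keeps the two well-formed entries in time order and reports the other three with the member name, list index and reason.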