Overview
Kong’s Audit Log provides insights into the system’s state and security by recording various operations performed by Kong. This enables tracking of system changes and issues, as well as detection of security breaches.
Kong’s Audit Log is generally in JSON format and records information such as:
- Request and response data
- Access attempts to routes and services
- User or client authentication information
- API key usage
- Error or warning messages
- System events and configuration changes
https://docs.konghq.com/gateway/latest/kong-enterprise/audit-log/
Enabling the Feature
Kong Audit Log is an Enterprise feature. It is off by default and can be enabled or disabled by changing the audit_log setting.
How to Use
For example, if you make the following access:
This access is recorded in the Audit Log and can be retrieved with the following request:
In the above case, rbac_user_id and rbac_user_name are null because RBAC is not enabled. If you check the access log again with RBAC enabled, rbac_user_id and rbac_user_name have values, so you can tell who made the request.
Log Rotation
Audit Log entries are stored in Kong’s DB for a period defined by audit_log_record_ttl. Logs older than this are automatically deleted. The default for this parameter is 30 days.
In PostgreSQL, automatic deletion occurs when there is an insert into the DB. Therefore, Audit Log entries may exist longer than the above TTL, especially if no new Audit Log entries are being added.
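The RBAC attribution and retention points above can be checked mechanically. The following is an added example, not code from the original page or from Kong: it triages an audit log response, flagging entries with no RBAC user and entries that are older than the TTL but still present. Field names other than rbac_user_id and rbac_user_name (request_id, method, path, request_timestamp) are assumptions about the entry format, and all sample values are constructed.

```python
import json

# Default audit_log_record_ttl stated on the page: 30 days, expressed in seconds.
DEFAULT_TTL_SECONDS = 30 * 24 * 3600
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
NOW = 1_700_000_000  # constructed "current time" (epoch seconds) for the sample

# Constructed sample shaped like an audit log response; not real data.
# Field names other than rbac_user_id / rbac_user_name are assumptions.
SAMPLE_RESPONSE = json.dumps({"data": [
    {"request_id": "req-constructed-1", "method": "GET", "path": "/status",
     "rbac_user_id": None, "rbac_user_name": None,
     "request_timestamp": NOW - 60},
    {"request_id": "req-constructed-2", "method": "POST", "path": "/services",
     "rbac_user_id": "user-id-constructed", "rbac_user_name": "alice-constructed",
     "request_timestamp": NOW - 3600},
    {"request_id": "req-constructed-3", "method": "DELETE", "path": "/routes/example",
     "rbac_user_id": None, "rbac_user_name": None,
     "request_timestamp": NOW - 31 * 24 * 3600},
]})


def triage(response_text, now, ttl_seconds=DEFAULT_TTL_SECONDS):
    """Return request_ids grouped by the audit findings they raise."""
    findings = {"unattributed": [], "unattributed_writes": [], "past_ttl": []}
    for entry in json.loads(response_text).get("data", []):
        rid = entry.get("request_id", "<missing request_id>")
        # No RBAC identity: the entry cannot be tied to a user.
        if entry.get("rbac_user_id") is None:
            findings["unattributed"].append(rid)
            # A configuration change with no identity deserves review first.
            if str(entry.get("method", "")).upper() in WRITE_METHODS:
                findings["unattributed_writes"].append(rid)
        # Older than the TTL but still present: deletion has not run yet,
        # which on PostgreSQL happens only when a new entry is inserted.
        ts = entry.get("request_timestamp")
        if isinstance(ts, (int, float)) and now - ts > ttl_seconds:
            findings["past_ttl"].append(rid)
    return findings


if __name__ == "__main__":
    for finding, ids in triage(SAMPLE_RESPONSE, NOW).items():
        print(f"{finding}: {ids}")
```

Entries in past_ttl are not an error in themselves; they show that retention in the DB can exceed the configured TTL, which matters when the TTL is relied on as a data-retention limit.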