PricingSign inRequest a Demo

Audit Trail

Track changes to resources within Bindplane.

IMPORTANT

📘 Audit Trail is a Bindplane Enterprise Edition feature.

What is Audit Trail?

Audit Trail is a feature for Bindplane Enterprise Edition that creates a log of events that can be used for auditing resources that are created and modified within Bindplane. With the audit trail, you can keep track of changes to configurations, rollouts, and users in your project.

Configuration

The audit trail feature is automatically enabled in Bindplane Enterprise Edition.

Retention may be configured in your server config, by setting the auditTrail.retentionDays configuration option. In this example, events are configured to be retained for 60 days:

auditTrail:
  retentionDays: 60

By default, the audit trail will retain audit events for 30 days.

Viewing Audit Events

Audit events can be viewed through either the UI or the CLI.

UI

The audit logs can be accessed by admins of the project by clicking the gear icon in the top right of the Bindplane UI, then on the Audit Logs option.

Bindplane docs - Audit Trail - image 1

On the Audit Logs page, you will see the following:

Bindplane docs - Audit Trail - image 2

  1. You can filter by the affected configuration. This input accepts both the configuration name, as well as the configuration name + version (e.g. myconfig:3 would filter out all logs except for ones affecting version 3 of myconfig).

  2. You can filter by the user whose action created the log.

  3. You can set the minimum date of logs to view.

  4. You can set the maximum date of logs to view.

  5. You can export and download the current view with all active filters to a CSV file.

Below, you will see a table of all audit events that match the current filters.

CLI

To retrieve audit events, the bindplane get audit-events command can be used. In addition to the standard options for bindplane get, there are some extra parameters that may optionally be specified in order to filter the retrieved audit events:

Flag
Description

--configuration

The name of the configuration to filter by

--max-date

The maximum date for the events filter, in the format of YYYYMMDDHHMMSS

--min-date

The minimum date for the events filter, in the format of YYYYMMDDHHMMSS

--user

The display name of the user who made the change to filter by

For a full list of configuration flags, run the bindplane get audit-events --help command.

CLI Examples

Output Audit Events as CSV

bindplane get audit-events -o csv

Get All Audit Events Generated by a Specific User

bindplane get audit-events --user "admin-user"

Get All Audit Events for a Specific Configuration

bindplane get audit-events --configuration "my-configuration"

Get All Audit Events for a Specific Configuration (with version)

bindplane get audit-events --configuration "my-configuration:13"

Get All Audit Events for the Past Day

bindplane get audit-events --min-date "$(date -u --date='1 days ago' '+%Y%m%d%H%M%S')"

Types of Events

Currently, there are three categories of events that are logged to the audit trail.

Configuration Events

When a configuration is created or modified, an event is logged specifying which resource of the config was modified, along with the user that modified it. The following events may be emitted:

Action
Resource Kind
Description

Created

Source

A new source of the type specified by the resource name has been added to the configuration.

Created

Processor

A new processor of the type specified by the resource name has been added to the configuration.

Created

Destination

A new destination of the type specified by the resource name has been added to the configuration.

Modified

Source

A source of the type specified by the resource name has been modified for the configuration.

Modified

Processor

A processor of the type specified by the resource name has been modified for the configuration.

Modified

Destination

A destination of the type specified by the resource name has been modified for the configuration.

Deleted

Source

A source of the type specified by the resource name has been removed from the configuration

Deleted

Processor

A processor of the type specified by the resource name has been removed from the configuration.

Deleted

Destination

A destination of the type specified by the resource name has been removed from the configuration.

Rollout Events

When a new rollout is created, started, paused, or resumed, an event is logged for the configuration. The following events may be emitted:

Action
Resource Kind
Description

Pending

Rollout

A new rollout has been created in a Pending state for the configuration.

Started

Rollout

A rollout has been started for the configuration.

Paused

Rollout

An in-progress rollout has been paused for the configuration.

Resumed

Rollout

A previously paused rollout has been resumed for the configuration.

User Events

When users are added, removed, or modified to a project, an audit event is logged for that user. The following events may be emitted:

Action
Resource Kind
Description

Created

User

The user specified by the resource name has been added to the project.

Modified

User

The user specified by the resource name has had their role changed to the role specified in the resource name.

Deleted

User

The user specified by the resource name has been removed from the project.

PreviousLibraryNextSingle Sign-On (Cloud)

Last updated

Was this helpful?