Feature Request Audit Logging

Public Preview

This feature is currently in Public Preview.

This feature has the following limitations:

• Must be enabled by Tecton Support.

Please file a feature request for functionality that you are interested in.

Audit Logging allows you to see what requests are being sent to your production feature-serving endpoint.

Use Cases for Feature Request Audit Logging

• Prevent data leakage. You can integrate audit logs with SIEM (like Splunk) and detect malicious activity (abnormal number of requests/login brute force).
• Reports for audit. You can download all logs within a time frame and, for example, ensure that old api keys were rotated and no longer used.

How to Use

• Contact Tecton Support to enable the feature.
• Then, you will be able to find logs written to your Tecton S3 bucket (s3://tecton-{DEPLOYMENT_NAME}/logging/audit_logs/) where your logs will be partitioned by time and written in a JSON format.
• Sample Log:

{"authResult":"Success","requestContents":{"params":{"Locator":{"FeatureServiceName":"test_fs"},"request_context_map":{"amount":1002}}},"requestDetails":{"KeyCreator":"user@email","ObscuredKey":"****f698","KeyDescription":"Application API Key"},"requestTime":"2021-09-16T21:22:49.387109Z"}
{"authResult":"InvalidApiKey","requestContents":{"params":{"Locator":{"FeatureServiceName":"user_recs"},"request_context_map":{"amount":1050}}},"requestDetails":null,"requestTime":"2021-09-16T21:26:32.3952655Z"}

Write Frequency

In order to not restrict the latency of requests to time taken to write to S3, audit logs are batched and written asynchronously. By default, they will be written either every 60 seconds or if file size exceeds an internal limit. This behavior means if AWS experienced an outage, up to 60 seconds of logs for requests that succeeded could fail to be persisted to your S3 bucket.