Feature Request Audit Logs
Public Preview
This feature is currently in Public Preview.
This feature has the following limitations:
- Must be enabled by Tecton Support.
If you have questions or want to share feedback, please file a support ticket.
Feature Request Audit Logs allow you to see what requests are being sent to your production feature serving endpoint.
Use Cases for Feature Request Audit Logs
- Prevent data leakage. You can integrate audit logs with SIEM (like Splunk) and detect malicious activity (abnormal number of requests/login brute force).
- Reports for audit. You can download all logs within a time frame and, for example, ensure that old api keys were rotated and no longer used.
How to Use​
- Contact Tecton Support to enable the feature.
- Once the feature is enabled, You will be able to find logs written to your
Cloud Provider's Object Storage (e.g.
s3://tecton-{DEPLOYMENT_NAME}/logging/audit_logs/) where your logs will be partitioned by time and written as new line separated json objects.
Log Schema​
| Name | Type | Description |
|---|---|---|
| requestContents | Object | Object containing parameters passed in the request. See the Feature Service HTTP API for the various request bodies' schemas. |
| requestDetails | Object | Object containing information about the caller and the request authentication |
| requestDetails.Result | String | If authentication failed, the reason why. Possible values are: CouldNotDecodeApiKey, MissingAuthorization, InvalidApiKey, MissingMetadata or InvalidToken. This is blank (empty string) if authentication succeeded. |
| requestDetails.KeyId | String | If a valid Tecton API Key was used in the request, this is the ID of the service account of the API Key, otherwise it is blank (empty string). |
| requestDetails.KeyCreator | String | If a valid Tecton API Key was used in the request, this is the creator's email of the service account of the API Key, otherwise it is blank (empty string). |
| requestDetails.ObscuredKey | String | If a valid Tecton API Key was used in the request, this is the masked value of the API Key (the last 4 characters are visible), otherwise it is blank (empty string). |
| requestDetails.KeyDescription | String | If a valid Tecton API Key was used in the request, this is the description of the service account of the API Key, otherwise it is blank (empty string). |
| requestTime | String | The datetime of the request as a string in the ISO-8601 format "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'". |
Successful Request Sample:
{
"requestContents": {
"params": {
"Locator": {
"FeatureServiceName": "test_fs"
},
"workspace_name": "prod",
"join_key_map": {
"user_id": 12345678
}
}
},
"requestDetails": {
"Result": "",
"KeyId": "9d586cef4f91444c8e726f7129fd09ae",
"KeyCreator": "user@email",
"ObscuredKey": "****f698",
"KeyDescription": "Application API Key"
},
"requestTime": "2021-09-16T21:22:49.387109Z"
}
Invalid Key Request Sample:
{
"requestContents": {
"params": {
"Locator": {
"FeatureServiceName": "user_recs"
},
"workspace_name": "prod",
"request_context_map": {
"amount": 1050
}
}
},
"requestDetails": {
"Result": "CouldNotDecodeApiKey",
"KeyId": "",
"KeyCreator": "",
"ObscuredKey": "",
"KeyDescription": ""
},
"requestTime": "2021-09-16T21:26:32.3952655Z"
}
Write Frequency​
In order to optimize the response latency of feature serving requests, request audit logs are batched and written asynchronously. By default, they will be written either every 60 seconds or if buffer size reaches 1024 bytes, unless customized as per customer request. This behavior means if the cloud provider experiences an outage, up to 60 seconds of logs could fail to be persisted.