Audit Logs

Introduction

WarpStream Audit Logs provide a way to capture, protect, and preserve Kafka authentication actions, authorization actions, and organization operations into a Kafka topic for Pro and Enterprise clusters. Audit logs also track account-level operations such as creating, deleting, and modifying WarpStream resources such as API keys, Kafka clusters, user accounts, etc.

WarpStream Audit Logs are produced into a fully-managed WarpStream cluster deployed on WarpStream's cloud infrastructure. Audit Logs can either be accessed through the WarpStream Console, or consumed using the Kafka protocol and exported anywhere. Audit Logs are retained for 90 days.

Getting Started

Pre-requisites: you need to use the agent version v736 or above.

In order to enable Audit Logs, navigate to the "Audit" section from the Console left panel.

Once enabled Audit Logs will start flowing:

• Cluster audit logs: all Pro and Enterprise clusters will emit audit logs (following the convention described here)

• Platform audit logs: all requests to the WarpStream console except GET requests will emit an audit log

Audit Logs are visible under the "Events" tab:

To consume Audit Logs using a Kafka client, follow the instructions for connecting to the cluster in the Audit section.

Audit Logs structure

WarpStream audit logs follow the CloudEvents spec and conform to the schema described here.

Here are a few examples:

• A Kafka failure

• A Kafka success:

• A platform success:

Consume Audit Logs

Under the "Credentials" tab of the Audit page, users can create SASL credentials that can then be used to consume from the Audit Logs topic. The "Connect" tab contains everything you need to know to start consuming with code samples.

Billing for Audit Logs

Audit Logs are billed slightly differently than WarpStream BYOC clusters because the cluster is hosted on WarpStream's cloud infrastructure. The following dimensions and unit prices apply to Audit Logs:

Pricing

Each dimension has a unit price. Unit prices for Uncompressed GiB Written are tiered, based on monthly consumption.

Uncompressed GiB Written

The Uncompressed GiB Written metric is billed as follows:

Note that these tiers likely exceed any reasonable expectations for the volume of Audit Logs that would be produced for nearly any WarpStream use case. Audit Logs volume varies based on how often each logged event occurs, but the vast majority of use cases will produce no more than 200 KiB/sec (<500 GiB/month), resulting in charges of less than $10/month for writes. For more information on how tiered pricing works in WarpStream, please refer to Tiered Pricing.

GiB-Minutes

GiB-Minutes measures the storage volume of Audit Logs retained in the WarpStream Audit Logs cluster. The price per GiB-Minute of logs is $0.00000046926/GiB-minute. Most users should expect less than $10/month in storage charges for Audit Logs.

Network ingress

Network ingress is the volume of compressed data written to the cluster. The price per GiB of network ingress is $0.04/GiB. Audit Logs that are produced to the Audit Logs cluster are compressed, and in most cases, charges for network ingress should not exceed $10/month for Audit Logs.

Network egress

Network egress is the volume of compressed data consumed from the cluster. Pricing per GiB of network egress is as follows:

Network egress is billed based on the location of the consumer. For example, if a Kafka client running in us-west-2 consumes from an Audit Logs cluster in us-east-1, consumption will be charged at $0.04/GiB consumed. If the Kafka client is running on a laptop, the data will egress from AWS and traverse the internet, which will be charged at $0.012/GiB.

The estimated monthly charges for network egress depend on the user's consumption pattern, in addition to the volume of logs that are being produced.