Skip to content

Commit

Permalink
Fix some audit logging typos (#845)
Browse files Browse the repository at this point in the history
  • Loading branch information
@pgellert
pgellert authored Nov 11, 2024
1 parent 2f4f014 commit c1aa5b7
Showing 1 changed file with 9 additions and 9 deletions.
18 changes: 9 additions & 9 deletions modules/manage/partials/audit-logging.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,8 @@ ifdef::env-kubernetes[]
* `auditLogging.partitions`: Sets the value of the xref:reference:cluster-properties.adoc#audit_log_num_partitions[`audit_log_num_partitions`] cluster property to define the number of partitions used by a newly created audit topic. This configuration applies only to the audit log topic and may be different from the cluster or other topic configurations. This cannot be altered for an existing audit log topic. Default: `12`.
* `auditLogging.replicationFactor`: Sets the value of the xref:reference:cluster-properties.adoc#audit_log_replication_factor[`audit_log_replication_factor`] cluster property to define the replication factor for a newly created audit log topic. This configuration applies only to the audit log topic and may be different from the cluster or other topic configurations. This cannot be altered for existing audit log topics. If a value is not provided, Redpanda will use the `internal_topic_replication_factor` cluster config value. Default: `null`.
* `auditLogging.enabledEventTypes`: Sets the value of the xref:reference:cluster-properties.adoc#audit_enabled_event_types[`audit_enabled_event_types`] cluster property. This option is a list of JSON strings identifying the <<audit-logging-event-types,event types>> to include in the audit log. Valid values include any of the following - `management`, `produce`, `consume`, `describe`, `heartbeat`, `authenticate`, `schema_registry`, `admin`. Default: `'["management","authenticate","admin"]'`.
* `auditLogging.excludedTopics`: Sets the value of the xref:reference:cluster-properties.adoc#audit_exclude_topics[`audit_exclude_topics`] cluster property. This option is a list of JSON strings identifying the topics the audit logging system should ignore. This list cannot include the `_redpanda.audit_log` topic. Redpanda will reject the command if you do attempt to include that topic. Default: `null`.
* `auditLogging.excludedPrincipals`: Sets the value of the xref:reference:cluster-properties.adoc#audit_exclude_principals[`audit_exclude_principals`] cluster property. This option is a list of JSON strings identifying the principals the audit logging system should ignore. Principals can be listed as `User:name` or `name`, both are accepted. Default: `null`.
* `auditLogging.excludedTopics`: Sets the value of the xref:reference:cluster-properties.adoc#audit_excluded_topics[`audit_excluded_topics`] cluster property. This option is a list of JSON strings identifying the topics the audit logging system should ignore. This list cannot include the `_redpanda.audit_log` topic. Redpanda will reject the command if you do attempt to include that topic. Default: `null`.
* `auditLogging.excludedPrincipals`: Sets the value of the xref:reference:cluster-properties.adoc#audit_excluded_principals[`audit_excluded_principals`] cluster property. This option is a list of JSON strings identifying the principals the audit logging system should ignore. Principals can be listed as `User:name` or `name`, both are accepted. Default: `null`.
* `auditLogging.clientMaxBufferSize`: Sets the value of the xref:reference:cluster-properties.adoc#audit_client_max_buffer_size[`audit_client_max_buffer_size`] cluster property to define the number of bytes allocated by the internal audit client for audit messages. When changing this, you must disable audit logging and then re-enable it for the change to take effect. Consider increasing this if your system generates a very large number of audit records in a short amount of time. Default: `16777216`.
* `auditLogging.queueDrainIntervalMs`: Sets the value of the xref:reference:cluster-properties.adoc#audit_queue_drain_interval_ms[`audit_queue_drain_interval_ms`] cluster property. Internally, Redpanda batches audit log messages in memory and periodically writes them to the audit log topic. This option defines the period in milliseconds between draining this queue to the audit log topic. Longer intervals may help prevent duplicate messages, especially in high throughput scenarios, but they also increase the risk of data loss during hard shutdowns where the queue is lost. Default: `500`.
* `auditLogging.queueMaxBufferSizePerShard`: Sets the value of the xref:reference:cluster-properties.adoc#audit_queue_max_buffer_size_per_shard[`audit_queue_max_buffer_size_per_shard`] cluster property to define the maximum amount of memory in bytes used by the audit buffer in each shard. Once this size is reached, requests to log additional audit messages will return a non-retryable error. Default: `1048576`.
Expand All @@ -49,9 +49,9 @@ ifndef::env-kubernetes[]
* xref:reference:cluster-properties.adoc#audit_client_max_buffer_size[`audit_client_max_buffer_size`]: Integer value defining the number of bytes allocated by the internal audit client for audit messages. When changing this, you must disable audit logging and then re-enable it for the change to take effect. Consider increasing this if your system generates a very large number of audit records in a short amount of time. Default: `16777216`.
* xref:reference:cluster-properties.adoc#audit_queue_max_buffer_size_per_shard[`audit_queue_max_buffer_size_per_shard`]: Integer value defining the maximum amount of memory in bytes used by the audit buffer in each shard. Once this size is reached, requests to log additional audit messages will return a non-retryable error. You must restart the cluster when changing this value. Default: `1048576`.
* xref:reference:cluster-properties.adoc#audit_enabled_event_types[`audit_enabled_event_types`]: List of strings in JSON style identifying the event types to include in the audit log. This may include any of the following - `management, produce, consume, describe, heartbeat, authenticate, schema_registry, admin`. Default: `'["management","authenticate","admin"]'`.
* xref:reference:cluster-properties.adoc#audit_exclude_topics[`audit_exclude_topics`]: List of strings in JSON style identifying the topics the audit logging system should ignore. This list cannot include the `_redpanda.audit_log` topic. Redpanda will reject the command if you do attempt to include that topic. Default: `null`.
* xref:reference:cluster-properties.adoc#audit_excluded_topics[`audit_excluded_topics`]: List of strings in JSON style identifying the topics the audit logging system should ignore. This list cannot include the `_redpanda.audit_log` topic. Redpanda will reject the command if you do attempt to include that topic. Default: `null`.
* xref:reference:cluster-properties.adoc#audit_queue_drain_interval_ms[`audit_queue_drain_interval_ms`]: Internally, Redpanda batches audit log messages in memory and periodically writes them to the audit log topic. This defines the period in milliseconds between draining this queue to the audit log topic. Longer intervals may help prevent duplicate messages, especially in high throughput scenarios, but they also increase the risk of data loss during hard shutdowns where the queue is lost. Default: `500`.
* xref:reference:cluster-properties.adoc#audit_exclude_principals[`audit_exclude_principals`]: List of strings in JSON style identifying the principals the audit logging system should ignore. Principals can be listed as `User:name` or `name`, both are accepted. Default: `null`.
* xref:reference:cluster-properties.adoc#audit_excluded_principals[`audit_excluded_principals`]: List of strings in JSON style identifying the principals the audit logging system should ignore. Principals can be listed as `User:name` or `name`, both are accepted. Default: `null`.

Even though audited event messages are stored to a specialized immutable topic, standard topic settings still apply. For example, you can apply the same Tiered Storage, retention time, and replication settings available to normal topics. These particular options are important for controlling the amount of disk space utilized by your audit topics.

Expand Down Expand Up @@ -295,8 +295,8 @@ Some key tuning recommendations for your audit logging settings include:

* If you wish to change the number of partitions or the replication factor for your audit log topic, set the `audit_log_num_partitions` and `audit_log_replication_factor` properties respectively.
* Choose the type of events needed by setting `audit_enabled_event_types` to the desired list of event categories. Keep this as restrictive as possible based on your compliance and security needs to avoid excessive noise in your audit logs.
* Identify non-sensitive topics so that you can exclude them from auditing. Specify this list of topics in `audit_exclude_topics`.
* Identify non-sensitive principles so that you can exclude them from auditing. Specify this list of principals in `audit_exclude_principles`. This command accepts names in the form of `name` or `User:name`.
* Identify non-sensitive topics so that you can exclude them from auditing. Specify this list of topics in `audit_excluded_topics`.
* Identify non-sensitive principals so that you can exclude them from auditing. Specify this list of principals in `audit_excluded_principals`. This command accepts names in the form of `name` or `User:name`.
* Set `audit_enabled` to `true`.
* <<Optimize costs for audit logging>>.

Expand All @@ -305,8 +305,8 @@ The sequence of commands in `rpk` for this audit log configuration is:
rpk cluster config set audit_log_num_partitions 6
rpk cluster config set audit_log_replication_factor 5
rpk cluster config set audit_enabled_event_types '["management","describe","authenticate"]'
rpk cluster config set audit_exclude_topics '["topic1","topic2"]'
rpk cluster config set audit_exclude_principles '["User:principle1", "principle2"]'
rpk cluster config set audit_excluded_topics '["topic1","topic2"]'
rpk cluster config set audit_excluded_principals '["User:principal1", "principal2"]'
rpk cluster config set audit_enabled true
rpk topic alter-config _redpanda.audit_log --set retention.ms=259200000
endif::[]
Expand All @@ -328,4 +328,4 @@ xref:manage:audit-logging/audit-log-samples.adoc[See samples of audit log messag
include::shared:partial$suggested-reading.adoc[]

- xref:reference:topic-properties.adoc[]
- xref:develop:config-topics.adoc[]
- xref:develop:config-topics.adoc[]

0 comments on commit c1aa5b7

Please sign in to comment.