Export Astro audit logs
Astro audit logs record administrative activities and events in your Organization. You can use the audit logs to determine who did what, where, and when. You can also use audit logs to ensure your Organization is meeting its security and regulatory requirements. For example, you can use audit logs to determine when users were added to your Organization or to individual Workspaces.
See Reference: Astro audit log fields for a complete list of available fields in audit logs.
Export audit logs
Audit logs are retained for 90 days. Organization Owner permissions are required to export audit logs.
-
Click Organization Settings in the Astro UI.
-
In the Audit Logs menu, select the number days of audit data to export and then click Export.
The extracted audit log data is saved as a newline delimited JSON (ndjson) file with the default filename
<astro-organization-name>-logs-<number-of-days>-days-<date>.ndjson
.
CLI
You can also export logs using the Astro CLI. Run the following command to export audit logs as a GZIP file to your current directory:
Audit logs reference
This section is a reference for all available fields in Astro audit logs.
The following categories of event data are available in an audit log:
- API events: The data generated by user actions in the Astro UI, Astro CLI, or from internal processing actions in the Astro control plane.
- Airflow UI access: The data generated when users access the Airflow UI.
- Astronomer container registry access: The data generated when users access the Astronomer container registry with the Astro CLI.
The audit log file is provided as a newline delimited JSON (NDJSON) file. Every entry in the audit log file corresponds to an event, and event attributes provide additional information about each event.
Common fields
The following table lists the common fields shared by all categories of event data.
Table: Common fields in audit logs
API event fields
Audit log events can be generated from the v1 API or the v2 API. Each API generates different fields for the same actions, and your audit log might include events from both APIs. Audit log event frequency for the v1 API are expected to decline as Astronomer transitions to the v2 API.
Table: v1 API event fields
The following table maps some common operationName
attributes to their corresponding requestInput
attributes.
Table: operationName
attribute mappings
Table: v2 API event fields
The following table maps some common path
attributes to their corresponding requestBody
attributes.
Table: path
attribute mappings
Use your analytics or audit tool to view additional attribute mapping information.
Airflow UI access event fields
The following table lists the fields that are unique to Airflow UI access events.
Table: Airflow UI access event fields
The following table lists the fields that are unique to Astronomer container registry access events.
Table: Astronomer container registry access event fields
Astro CLI access event fields
The following table lists the fields that are unique to Astro CLI access events.