Treasure Data offers standard and premium features that enable administrators to monitor the access and use of data. Treasure Data premium audit logs provide a detailed audit trail of all the activity that occurs in an account.
Audit log is an add-on feature and, therefore, must be requested. Contact us if you're interested.
Standard and Premium Audit Logs
The Treasure Data standard audit log enables you to view events that occur within the last 24 hours. You can also download the log. You access the audit log from the Admin Window, under the Activity tab.
When you download the standard audit log, you see more data (such as resource type and IP address) than you see on the Activity page.
Users who buy the premium license can view, filter, and query the audit log. The premium audit log captures and holds an unlimited number of events. Refer to Premium Audit Log Captured Events in this article. When you purchase this premium feature, an audit log table is added to your account Database view. The filename for the log is td_audit_log. Even if you have multiple databases, you have only one audit log.
Premium Audit Log Structure
The following is an example of what an audit log contains:
|Field||Description||Example values|
|Time||UNIX timestamp of when the event occurred|
|resource_id||Depends on the event. If the event is “table_create”, the ID is the created table id. If “database_delete”, the ID is the deleted database id.|
|Requested_path_info||The event path||/users/sign_in, v4/jobs/5736181/result, v3/table/create/new_db/new_table…|
|ip_address||IP address of the connection that executed the audited event|
|requested_http_verb||The API action||GET, POST|
|account_id||Treasure Data account ID|
|resource_name||Name of the resource or entity||jean_tableau_table_csv, test_query_job|
|user_id||Operator’s user id|
|event_name||The event. If the event is a component-specific operation, you see “event_name: cdp_create_segment”||sign-in, job_result_download, schedule_create|
|new_value||When a resource attribute is changed, the new value is stored|
|old_value||The value before the value was changed|
|attribute_name||When a resource attribute is changed, the name of the attribute is stored. For example, if a user changed their table schema, the attribute_name is “schema”.||password, schema|
|affected_user_id||Email acted upon|
|user_email||Email of the operator|
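A review query built on these columns, added here as an example and not taken from Treasure Data's own documentation: it lists result downloads and password changes from the last 7 days that came from an IP address the same user had not used in the 30 days before. It assumes the table is queried from Presto as td_audit_log and that the time column holds UNIX seconds; the 7-day and 30-day windows are arbitrary choices.

```sql
-- Added example, not Treasure Data's own query.
-- Assumptions: Presto engine, table reachable as td_audit_log,
-- "time" stored as UNIX seconds (as the field table describes).
WITH recent AS (
  -- Sensitive events in the review window (last 7 days).
  SELECT time, user_id, user_email, ip_address, event_name,
         resource_name, attribute_name, affected_user_id,
         requested_path_info
  FROM td_audit_log
  WHERE time >= to_unixtime(now() - INTERVAL '7' DAY)
    AND (event_name = 'job_result_download'  -- event name listed on this page
         OR attribute_name = 'password')     -- attribute name listed on this page
),
baseline AS (
  -- Every (user, IP) pair seen in the 30 days before the review window.
  SELECT DISTINCT user_id, ip_address
  FROM td_audit_log
  WHERE time >= to_unixtime(now() - INTERVAL '37' DAY)
    AND time <  to_unixtime(now() - INTERVAL '7' DAY)
)
SELECT from_unixtime(r.time) AS event_time,
       r.user_email,
       r.ip_address,
       r.event_name,
       r.attribute_name,
       r.affected_user_id,
       r.resource_name,
       r.requested_path_info
FROM recent r
LEFT JOIN baseline b
       ON b.user_id = r.user_id
      AND b.ip_address = r.ip_address
WHERE b.user_id IS NULL          -- no earlier activity by this user from this IP
ORDER BY r.time DESC;
```

Users with no activity at all in the baseline window appear in the result for every matching event, so new accounts need to be read with that in mind.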
Premium Audit Log Captured Events
Events from the console (including workflows), the CLI, and API activities are logged.
|Event Area||Event Type||Event Area||Event Type|
|Account||IP address Add||Table||Create|
|IP address Remove||Delete|
|Log in||Modify description|
|Log out||Update settings|
|Audit log download||Rename|
|Connection||Create||Update schema: added columns|
|Delete||Update schema: removed columns|
|Rename||Update schema: renamed columns|
|Modify (Update settings)||Update schema: modified description|
|Delete||Modify database permissions|
|Modify description||IP address Add|
|Update permission||IP address Remove|
|Data Transfer||Transfer Create||Modify permission|
|Transfer Delete||Change Profile|
|Transfer Modify||Change email|
|Transfer Start||Change password|
|Transfer Pause||Query||Create and Save for the first time|
|File Upload||Upload||Edit and Save|
|New Job (Hive, Presto)||Save as|
|Job Result Show||Clone|
|Job Result Preview||Rename|
|Job Result Download||Delete|