Skip to main content

Audit logs

important

Anyscale doesn't enable audit logs by default.

Audit logs are only available on customer-hosted clouds. Reach out to support@anyscale.com for more information.

Audit logs enables Anyscale to export logs for select user actions to an AWS S3 or GCP GCS bucket.

The following configurations are supported:

NameValues
Export location
  • S3

  • GCS
Upload frequency
  • Hourly

  • 15 min
File format
  • JSONL (newline separated JSON)

  • Parquet

Examples

AWSGCP
FilesAudit logs for S3Audit logs for GCS
FoldersAudit logs for S3Audit logs for GCS

Log contents

Anyscale uploads one file per entity on the configured frequency schedule. The files are outputted to the following path within the bucket:

/<org_id>/audit_logs/<entity>/<timestamp>.log.<file_format>

For example:

/org_123/audit_logs/cluster/1690300746.log.jsonl

The file consists of user action records. Each record conforms to the following schema:

{
"timestamp": string,
"user_id": string,
"source_ip": string,
"action": Action (enum), // see "Supported User Actions"
"entity": Entity (enum), // see "Supported User Actions"
"metadata": nullable object,
"user": {
"name": string,
"email": string
}
}

For example:

// User logged in
{
"timestamp": "2023-08-01 01:04:05.073682+00:00",
"user_id": "usr_123",
"source_ip": "1.2.3.4",
"action": "LOGIN",
"entity": "ACCESS",
"metadata": null,
"user": {
"name": "Jane",
"email": "jane@company.com"
}
}

// Cluster started
{
"timestamp": "2023-08-02 04:17:02.152921+00:00",
"user_id": "usr_123",
"source_ip": "1.2.3.4",
"action": "START",
"entity": "CLUSTER",
"metadata": {
"id": "ses_123"
},
"user": {
"name": "Bill",
"email": "bill@company.com"
}
}

Supported user actions

The full list of logged user actions are below:

EntityActionMetadata
USERINVITEinvitee_email: string
JOIN
REMOVEremovee_id: string
MODIFYmodifee_id: string
old_role: string
new_role: string
PAYMENTADD
ACCESSLOGIN
LOGOUT
SUPPORT_ACCESSLOGIN
REQUEST

duration: float (seconds)

CLUSTERCREATEid: string
START
TERMINATE
ARCHIVE
CLOUDCREATEname: string
DELETE
CLUSTER_ENVCREATE
DELETE
COMPUTE_CONFIGCREATE
JOBCREATE
TERMINATE
ARCHIVE
SERVICECREATE
TERMINATE
WORKSPACECREATE
START
TERMINATE
DELETE

Setup

Contact your Anyscale account team.