Security log forwarding

AuraDB Business Critical AuraDB Virtual Dedicated Cloud AuraDS Enterprise

With security log forwarding, you can stream security logs directly to a cloud project owned by your organization, in real time.

To access log forwarding, you need to have the Project Admin role.

To access Log forwarding:

  1. Navigate to Settings under the Project section in the sidebar.

  2. Select Log forwarding.

This will display a list of currently configured log forwarding processes for the active project. Each configuration will show its scope (region or instance) and status (forwarding, setting up or paused).

For actions related to existing configurations, use the …​ button on the right side of the row to open a menu from which the following actions can be taken:

  • View configuration - Displays the complete details of the configuration.

  • Edit - Allows you to change the configuration.

  • Delete - Removes the configuration.

If no log forwarding process is set up, a button to do so is displayed in the center of the page.

Set up log forwarding

Aura Database and Analytics services are business-critical for users. There are requests to introduce more capabilities enabling access to logs and metrics to derive actionable insights using your choice of monitoring platform.

Aura has a strong roadmap of observability sharing features including security logs, query logs, and other capabilities. Many of these logs can be of significant size, hence a new consumption-based billing model including cloud egress costs will be introduced in the future.

Security is of paramount importance, and therefore the security logs are initially available for free.

The complete steps for setting up log forwarding depend on the chosen cloud provider.

Exhaustive instructions are provided in the wizard which appears by following the steps below.

  1. Navigate to the Log forwarding page as described above.

  2. Use Configure log forwarding and select the scope for log forwarding.

    • AuraDB Business Critical A specific instance will have its logs forwarded.

    • AuraDB Virtual Dedicated Cloud All instances in the selected region will have their logs forwarded.

    • AuraDS Enterprise All instances in the selected region will have their logs forwarded.

  3. Follow the instructions specific to your cloud provider.

Only one log forwarding configuration is permitted for each unique scope.

Output destination

Log forwarding can forward logs to the log service of the same cloud provider as the monitored instance is located in.

Cross-region log forwarding is supported.

If your instance is in:

  • Google Cloud Platform - Forward logs to Google Cloud Logging in your own GCP project.

  • Amazon Web Services - Forward logs to CloudWatch in your own AWS account.

  • Azure - Forward logs to a Log Analytics workspace in your own Azure subscription.

Logs can be further forwarded into third party systems using the log routing capabilities provided by your cloud provider.