Security log forwarding
AuraDB Business Critical AuraDB Virtual Dedicated Cloud AuraDS Enterprise
With security log forwarding, you can stream security logs directly to a cloud project owned by your organization, in real time.
To access log forwarding, you need to have the Project Admin role. |
To access Log forwarding:
-
Navigate to Settings under the Project section in the sidebar.
-
Select Log forwarding.
This will display a list of currently configured log forwarding processes for the active project.
Each configuration will show its scope (region or instance) and status (forwarding
, setting up
or paused
).
For actions related to existing configurations, use the …
button on the right side of the row to open a menu from which the following actions can be taken:
-
View configuration - Displays the complete details of the configuration.
-
Edit - Allows you to change the configuration.
-
Delete - Removes the configuration.
If no log forwarding process is set up, a button to do so is displayed in the center of the page.
Set up log forwarding
Aura Database and Analytics services are business-critical for users. There are requests to introduce more capabilities enabling access to logs and metrics to derive actionable insights using your choice of monitoring platform. Aura has a strong roadmap of observability sharing features including security logs, query logs, and other capabilities. Many of these logs can be of significant size, hence a new consumption-based billing model including cloud egress costs will be introduced in the future. Security is of paramount importance, and therefore the security logs are initially available for free. |
The complete steps for setting up log forwarding depend on the chosen cloud provider.
Exhaustive instructions are provided in the wizard which appears by following the steps below.
-
Navigate to the Log forwarding page as described above.
-
Use Configure log forwarding and select the scope for log forwarding.
-
AuraDB Business Critical A specific instance will have its logs forwarded.
-
AuraDB Virtual Dedicated Cloud All instances in the selected region will have their logs forwarded.
-
AuraDS Enterprise All instances in the selected region will have their logs forwarded.
-
-
Follow the instructions specific to your cloud provider.
Only one log forwarding configuration is permitted for each unique scope. |
Output destination
Log forwarding can forward logs to the log service of the same cloud provider as the monitored instance is located in.
Cross-region log forwarding is supported.
If your instance is in:
-
Google Cloud Platform - Forward logs to Google Cloud Logging in your own GCP project.
-
Amazon Web Services - Forward logs to CloudWatch in your own AWS account.
-
Azure - Forward logs to a Log Analytics workspace in your own Azure subscription.
Logs can be further forwarded into third party systems using the log routing capabilities provided by your cloud provider.