# Audit log streaming destinations

Before you begin, reference our set up audit log streaming guide for instructions on enabling audit log streaming in your workspace.

Workato supports the following audit log streaming destinations:

# Amazon S3 Bucket

To stream your audit logs to Amazon S3, select an existing Amazon S3 connection or create one that has a region and bucket set up. This connection must be assigned an IAM role with the following policy permissions:

  • ListAllMyBuckets: This list permission allows Workato to list all buckets belonging to your S3 account. This permission is required even if your connection is restricted to one bucket within S3.
  • PutObject: This write permission allows Workato to stream your activity audit logs to the bucket you specify during setup.

Minimum S3 permissions for ALSMinimum permissions for audit log streaming to S3

Learn more about setting up an IAM role and permissions policy in our IAM role-based authentication documentation.


When you update your IAM role bucket permissions, you must disconnect and re-establish your S3 connection in Workato before you can continue using S3 as a streaming destination. This is a security feature designed to help you manage secure access to your resources.

Additionally, if you plan to restrict access to a specific bucket within S3, you must configure this setting when you set up your S3 connection.

The IAM role must be configured at the bucket level and not at the bucket/object level.

# Azure Monitor

Select an Azure Monitor connection that is tied to a log analytics workspace on your Azure tenant. Head over to the connection docs to learn more.

# Azure Blob Storage

Select an Azure Blob connection that has containers set up. The connection should have read/write access to the containers. Reference our Azure blob documentation to learn how to change role access of the Integration System User (ISU) in your Azure Active Directory. Azure charges additional fees (opens new window) for each 10,000 logs streamed to Azure Blob.

# Cloud based logging services

You can use any log service provider (such as Sumo Logic, Datadog, or Splunk) as a streaming destination. Learn more about configuring an HTTP based log collection using Sumo Logic (opens new window) or Datadog (opens new window).

# How to use a cloud based logging service destination

In the Destination URL field, enter the HTTP URL from the cloud based logging service provider. Workato audit log streaming will POST the audit log events in real time to this URL.

If the log service provider requires authentication to send HTTP requests, enable the Requires authentication slider, then select the Link your account button to specify an HTTP connection with authentication information. You can create a new HTTP connection or link an existing one.

Link an HTTP connectionLink an HTTP connection

Last updated: 11/29/2023, 6:54:38 PM