Audit log streaming destinations

Before you begin, reference our set up audit log streaming guide for instructions on enabling audit log streaming in your workspace.

Workato supports the following audit log streaming destinations:

• Amazon S3 Bucket
• Azure Monitor
• Azure Blob Storage
• Cloud based logging services

Amazon S3 Bucket

To stream your audit logs to Amazon S3, select an existing Amazon S3 connection or create one that has a region and bucket set up. This connection must be assigned an IAM role with the following policy permissions:

• ListAllMyBuckets: This list permission allows Workato to list all buckets belonging to your S3 account. This permission is required even if your connection is restricted to one bucket within S3.
• PutObject: This write permission allows Workato to stream your activity audit logs to the bucket you specify during setup.

Minimum permissions for audit log streaming to S3

To ensure the audit logs are streamed successfully, confirm that your Amazon S3 connection meets the following requirements:

• The specified S3 bucket must exist.
• The region specified in the S3 connection must match the region of the selected bucket.
• The IAM role ARN (Amazon Resource Name) associated with the S3 connection must be valid.
• The IAM role must have the ListAllMyBuckets and PutObject permissions.

Learn more about setting up an IAM role and permissions policy in our IAM role-based authentication documentation.

IAM ROLE PERMISSIONS

When you update your IAM role bucket permissions, you must disconnect and re-establish your S3 connection in Workato before you can continue using S3 as a streaming destination. This is a security feature designed to help you manage secure access to your resources.

Additionally, if you plan to restrict access to a specific bucket within S3, you must configure this setting when you set up your S3 connection.

The IAM role must be configured at the bucket level and not at the bucket/object level.

Azure Monitor

To stream your audit logs to Azure Monitor, complete the following steps:

1

Create a connection to Azure Monitor that links to a log analytics workspace within your Azure tenant.

2

Save your Azure Monitor connection to use for streaming.

3

Choose Azure Monitor as your Destination type for audit log streaming and select the Azure Monitor connection you created in the preceding steps.

4

Enter the name of the Azure Monitor table where you plan to stream the logs. You can use an existing table or create a new one.

5

Select the type of events you plan to include in your audit log stream. Options are:

• Job history summary
• Job history details
• User activity audit
• API platform logs

6

Customize the log message. This field is optional.

7

Click Save to apply your audit log streaming settings.

8

Ensure your Azure Monitor Workspace receives the audit logs by querying the specified log type.

Verify your audit logs

Azure Blob Storage

Select an Azure Blob connection that has containers set up. The connection should have read/write access to the containers. Reference our Azure blob documentation to learn how to change role access of the Integration System User (ISU) in your Azure Active Directory. Azure charges additional fees (opens new window) for each 10,000 logs streamed to Azure Blob.

Cloud based logging services

You can use any log service provider (such as Sumo Logic, Datadog, or Splunk) as a streaming destination. Learn more about configuring an HTTP based log collection using Sumo Logic (opens new window) or Datadog (opens new window).

How to use a cloud based logging service destination

Go to the Destination URL field and enter the HTTP URL from your cloud-based logging service provider. Workato audit log streaming posts the audit log events in real-time to this URL.

If your log service provider requires authentication to send HTTP requests, enable the Requires authentication slider, then select the Link your account button to specify an HTTP connection with your authentication information. You can create a new HTTP connection or link to an existing connection.

Link to an HTTP connection

SUPPORTED AUTHENTICATION METHODS FOR HTTP CONNECTIONS

When setting up the HTTP connector for log streaming, ensure that you use one of the following authentication methods:

• Basic
• Query
• oauth2_auth_code_grant
• oauth2_client_credentials_grant
• Custom

Note that audit log streaming to REST-based destinations is only compatible with the preceding listed authentication methods. You will not be able to successfully configure streaming if you use another authentication method.

Validation failed