# Audit log streaming retry

FEATURE AVAILABILITY

Audit log streaming retry is available for all log streaming destinations.

In the event that an attempt to stream any log (user activity, job summary, or job details) fails, Workato retries sending the log to the destination you have specified.

Audit logs are stored in a persistent cache in Workato. This enables us to retry sending the data using an exponential backoff formula.

Workato removes audit logs from the persistent cache when one of the following occurs:

  • The audit log reaches its destination successfully.
  • After seven (7) days.

Workato logs every retry attempt into the Workato Logs service.

After seven (7) days of failed attempts to stream the audit log to its destination, Workato considers it a failed event. Generally, errors are resolved quickly, and Workato sends the log successfully in fewer attempts. On average, there are 7-8 retry attempts using the exponential backoff formula within this time period.


# Zero retention recipes

You can configure a recipe to have “zero retention" by selecting Do not store on the recipe settings page. This results in Workato not storing any jobs data, including job lines of input or output, on the Workato platform or in your external storage location.

For zero retention recipes, Workato performs the following tasks:

  1. Sends an audit log without job input and output data.

If the initial attempt to send an audit log for zero retention recipes fails, Workato completes the following actions:

  1. Stores the audit logs in a persistent cache for retry.
  2. Uses the exponential backoff formula to retry sending the audit log to your destination.
  3. Removes the audit log from the persistent cache upon successful delivery of the audit log to your destination or after seven days, whichever happens earlier.
  4. Logs every retry for an event into the Workato Logs service.

# Email notifications

When audit log streaming fails, Workato sends email notifications to the workspace admin of your account and to all users designated in the error notifications email list.

Audit log streaming can fail due to errors in the connection to your streaming destination. We classify these connection error events into two categories: involuntary and voluntary. Our email notification protocols differ for each of these event categories as follows:

  • Involuntary disconnect

  • An involuntary disconnect is when audit logs fail to stream because the connection to your destination is no longer valid. The following describes the frequency and contents of the notification emails:

    • Frequency

    • No more than one (1) time every 24 hours.

    • Contents

      • Account ID
      • Resource name
      • Resource ID
      • Event type
      • Event summary
      • Error time
      • Guidance on how to re-establish your connection
  • Voluntary disconnect

  • A voluntary disconnect is when you disconnect the connection to your destination manually. When this happens, Workato waits eight (8) hours before disabling audit log streaming retry. This delay is designed to account for situations where you temporarily disconnect your connection in order to update your connection credentials (Ex: IAM Role ID). After the eight (8) hour interval has passed, Workato sends an email notification informing you that audit log streaming has stopped. The following describes the frequency and contents of the notification email:

    • Frequency

    • One (1) time only.

    • Contents

      • Account ID
      • Resource name
      • Resource ID
      • Event type
      • Event summary
      • Error time
      • Guidance on how to re-establish your connection

# Email recipients for Embedded accounts

The email recipients for Embedded accounts are determined by the workspace where audit log streaming is enabled, as described in the following table.

Log streaming enabled in.. Send emails to..
Embedded partner admin workspace Embedded partner admin
Embedded customer accounts with a shared streaming destination Embedded partner admin
Embedded customer accounts with distinct streaming destinations Embedded customer

# Email recipients for AHQ accounts

The email recipients for AHQ accounts are determined by the workspace where audit log streaming is enabled, as described in the following table.

Log streaming enabled in.. Send emails to..
AHQ admin workspace AHQ admin
AHQ managed workspaces with a shared streaming destination AHQ admin
AHQ managed workspaces with distinct streaming destinations Managed workspace admin


Last updated: 4/11/2024, 4:34:30 PM