# Admin console - Audit log streaming
In addition to retaining audit logs in the Workato platform itself, Workato can optionally stream audit logs from all of a partner's customer accounts to a single destination with a one-time setup. Partners can enable the feature through the Audit log streaming setting in the Admin console > Settings tab.
When a partner enables audit log streaming for all customers, Workato stores the customers' audit log activities, including job history, recipe step details, and user activity, in an Amazon S3 bucket or any log provider accessible through a REST endpoint. Each job or event is represented as a JSON file, which Workato sends to the log provider using the HTTP POST method. Examples of log providers include Sumo Logic, Datadog, and Splunk, among others.
Note that the Workato platform retains audit logs for the designated retention period whether audit log streaming is enabled or not.
Alternatively, to enable audit log streaming for each customer individually, see Set unique log destinations.
Audit log streaming is an add-on feature. Contact your Customer Success representative to enable this feature in your account.
# Audit events
Audit events include:
- Job summaries
- Job details
- User activity (log-ins, team changes, asset creation, edits, and deletions)
# Setting up audit log streaming
Navigate to Admin console > Settings and use the toggle button in the Audit log streaming section to enable audit log streaming.
Audit log streaming settings in the Admin console
Select the type of events to include in your audit log stream. If you choose to stream your job history, you have the additional option to include your recipe step details in your audit log stream.
Optionally, customize the log message format.
Select a Destination type from the picklist and enter any required fields for the selected destination type.
# Customize audit log JSON
Customize the audit log JSON to different formats to suit your needs. For example, you may require a `source` application (for example, `workato`) to process the event logs in the destination application automatically.
In the Admin console > Settings tab, you can create the custom log message using JSON format in the Audit log streaming > Customize log message section. Along with your custom fields, define the JSON structure with a placeholder for the Workato audit log. Workato replaces the placeholder value with the actual log message before the event is streamed.
For more information, see Supported placeholders.
# Identifying customers from JSON files
The JSON file includes the `user_external_id` parameters in the `context` block for all log files related to job details. These two IDs refer to the Workato customer ID and the partner-provided external ID for the customer.
Sample JSON from a job event
The JSON file includes the `external_id` parameters nested in the `team` for all log files related to user activity. The IDs in the `team` block refer to the customer account, while the IDs in the `user` block refer to the specific customer team member who performed the action.
Sample JSON from a user activity event
If the partner did not provide any external ID while creating the customer or customer team member, the `external_id` value is
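The following is an added example, not Workato's code, of how a receiving endpoint could attribute streamed events to customers using the fields described in this section. It assumes `context`, `team`, and `user` sit at the top level of each event and treats a missing, null, or blank external ID as unattributable; the `unattributed` bucket name and the sample events are constructed for illustration.

```python
import json
from collections import defaultdict

UNATTRIBUTED = "unattributed"  # hypothetical bucket for events with no usable external ID


def _clean(value):
    """Return a usable external ID as a string, or None if absent or blank."""
    if isinstance(value, (str, int)) and not isinstance(value, bool):
        text = str(value).strip()
        return text or None
    return None


def attribute_event(event):
    """Return (kind, customer_external_id, member_external_id) for one event."""
    if not isinstance(event, dict):
        return ("unknown", None, None)
    context = event.get("context")
    if isinstance(context, dict) and "user_external_id" in context:
        # Job events: the customer's external ID sits in the context block.
        return ("job", _clean(context.get("user_external_id")), None)
    team = event.get("team")
    if isinstance(team, dict):
        # User activity: team identifies the customer, user the team member.
        user = event.get("user") if isinstance(event.get("user"), dict) else {}
        return ("user_activity", _clean(team.get("external_id")),
                _clean(user.get("external_id")))
    return ("unknown", None, None)


def route(raw_events):
    """Group raw JSON strings by customer external ID without guessing a tenant."""
    buckets = defaultdict(list)
    for raw in raw_events:
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            buckets[UNATTRIBUTED].append(raw)  # keep for review, do not drop
            continue
        _, customer, _ = attribute_event(event)
        buckets[customer or UNATTRIBUTED].append(raw)
    return dict(buckets)


# Constructed sample events; only field names mentioned on this page are used.
SAMPLE_EVENTS = [
    '{"context": {"user_external_id": "acme-001"}, "status": "success"}',
    '{"team": {"external_id": "acme-001"}, "user": {"external_id": "jdoe"}}',
    '{"team": {"external_id": null}, "user": {"external_id": "asmith"}}',
    'not json',
]
```

Events that land in the `unattributed` bucket are retained rather than merged into another customer's stream, so a missing external ID never causes one customer's activity to appear under another's.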
# Set unique audit log destinations
Partners can configure audit log replication for each customer individually. This setting is available on each customer account's Settings page as long as the audit log replication setting is not configured in the partner's Admin console. Therefore, if each customer requires a separate audit log destination, don't configure the overall setting in the Admin console.
Last updated: 6/23/2023, 8:30:06 PM