Ideally, your CI/CD pipelines should run smoothly at any given moment. New code is committed, deployments are frequent, and your whole CI/CD system is safe and secure.
But what if something goes wrong? You need a mechanism that will allow you to track potential security breaches and misuse of information.
That’s where audit logs come in. With the help of audit logs, you can find the root cause of the problem quicker and debug faster, bringing your organization back on track.
Audit logs allow you to collect such information as creation or removal of secrets, starting or stopping a job, creating/removing a workflow, modifying a project, and much more.
Let’s take a closer look at the feature.
What are audit logs?
The idea behind audit logs is to have a history of everything that happened within the organization. This information might be useful in case something goes wrong, and you need to find out what actions led to it.
Semaphore logs all the important events that take place across your organization and stores them on Amazon S3.
Each audit log shows applicable information about an event, such as:
- Action that was performed
- The user who performed the action
- Resource affected by the action
- Date and time of the action
- IP address and medium of the interface used to perform the action
In every audit log, you can find the information about the resource (project, user, workflow, pipeline, etc.), operational information (whether something was added, removed, started, stopped, etc.), and a medium that shows whether the action was taken via the web interface, API, or CLI.
Check out the docs for the full list of audit logs references.
Where to find audit logs?
To access audit logs, navigate to Organization > Settings > Secrets.
Please note that audit logs are part of the Enterprise plan in Semaphore.
Exporting audit logs
There are two options how you can export audit logs for further analysis:
- Download a CSV file
- Configure streaming to your destination of choice
When you click “Export as CSV”, the download will start automatically and the file will be saved to your computer.
Streaming audit data to an external location
In Semaphore, you can also choose to stream audit data to an external location like AWS S3 or Google Cloud Storage. To set up streaming, simply click “Configure Streaming” in the interface.
Here, you can choose whether you want to stream to AWS S3 or Google Cloud Storage and select the name of the bucket where exactly to store audit data. You’ll also need to enter access credentials (key ID and key secret) with the writing permission.
That’s it! Audit logs are streamed to the bucket once per day.
In the Configure Streaming section, you can also find the streaming history with the file name, size, when the export happened, and its status (whether it succeeded or failed).
How is this feature helpful?
Audit logs are indispensable when it comes to monitoring different activities in your Semaphore organization and finding the cause of the problem if something goes wrong. Audit logs help you to stay compliant with security regulations and always have access to the history of all events in Semaphore.
Audit logs are available to customers on the Enterprise plan. If you’d like to configure audit logs for your organization, please feel free to contact us at support@semaphoreci.com. We’ll be happy to help.
Happy building!