Continuously export audit logs as newline-delimited JSON to a dedicated logs/audit/ folder in instance object storage, for SIEM forwarding and archival.
New features
- Opt-in export of audit logs to S3, Azure Blob or Google Cloud Storage
- Newline-delimited JSON written to a dedicated logs/audit/ folder, partitioned by day
- Incremental and runs in the background off the audit log hot path, with a single exporter under high availability
- Exported files are never deleted from object storage, so database retention can be set much lower
- Recommended setup to forward audit logs to a SIEM for long-term security analysis