Access Logs
Access logs track who accessed configuration items and when. This enables compliance auditing, security monitoring, and access reviews for your infrastructure.
Overview
When scraping configurations from external systems, you can also capture access logs that record:
- Who accessed a resource (external user)
- What was accessed (config item)
- When the access occurred
- How they authenticated (MFA status, properties)
Access logs are stored separately from configuration data and can be queried independently for audit purposes.
Enabling Access Log Scraping
To scrape access logs, set full: true on your scraper configuration:
```yaml
apiVersion: configs.flanksource.com/v1
kind: ScrapeConfig
metadata:
  name: database-config
spec:
  full: true
  # ... scraper configuration
```
When full mode is enabled, the scraper looks for an optional access_logs field on each configuration item, containing its access records.
Access Log Schema
Each access log entry should include:
| Field | Description | Scheme |
|---|---|---|
| config_id* | ID of the config item that was accessed | uuid |
| external_user_id* | ID of the external user who accessed the resource | uuid |
| created_at | Timestamp when the access occurred | timestamp |
| mfa | Whether multi-factor authentication was used | |
| properties | Additional access metadata (IP address, session info, etc.) | |
Example: Custom Scraper with Access Logs
config-with-access-logs.json
```json
{
  "id": "db-prod-001",
  "config": {
    "name": "production-database",
    "engine": "postgres",
    "version": "15.2"
  },
  "access_logs": [
    {
      "config_id": "db-prod-001",
      "external_user_id": "user-123",
      "created_at": "2025-01-08T10:30:00Z",
      "mfa": true,
      "properties": {
        "ip_address": "192.168.1.100",
        "client": "psql"
      }
    },
    {
      "config_id": "db-prod-001",
      "external_user_id": "user-456",
      "created_at": "2025-01-08T11:45:00Z",
      "mfa": false
    }
  ]
}
```
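An access-review pass over a scraped item of this shape, as an added example (not code from the project): it checks each access_logs entry against the schema fields listed above and collects accesses where mfa is not true. It assumes the fields marked * are required; the function name `review_access_logs` and the extra sample entries are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample in the shape of config-with-access-logs.json, plus one
# entry missing external_user_id and one entry with an unparsable timestamp.
SAMPLE_ITEM = json.loads("""
{
  "id": "db-prod-001",
  "access_logs": [
    {"config_id": "db-prod-001", "external_user_id": "user-123",
     "created_at": "2025-01-08T10:30:00Z", "mfa": true},
    {"config_id": "db-prod-001", "external_user_id": "user-456",
     "created_at": "2025-01-08T11:45:00Z", "mfa": false},
    {"config_id": "db-prod-001", "created_at": "2025-01-08T12:00:00Z"},
    {"config_id": "db-prod-001", "external_user_id": "user-789",
     "created_at": "yesterday", "mfa": true}
  ]
}
""")

REQUIRED = ("config_id", "external_user_id")  # assumption: '*' marks required


def review_access_logs(item):
    """Return (rejected, without_mfa) for one scraped config item.

    rejected holds (index, reason) for entries that fail the schema check;
    without_mfa holds (external_user_id, created_at) where mfa is not true.
    """
    rejected, without_mfa = [], []
    for index, entry in enumerate(item.get("access_logs") or []):
        missing = [field for field in REQUIRED if not entry.get(field)]
        if missing:
            rejected.append((index, "missing " + ", ".join(missing)))
            continue
        created_at = entry.get("created_at")
        if created_at is not None:
            try:
                # fromisoformat() rejects a trailing 'Z' before Python 3.11.
                datetime.fromisoformat(str(created_at).replace("Z", "+00:00"))
            except ValueError:
                rejected.append((index, "invalid created_at"))
                continue
        # An absent mfa field is treated as unconfirmed, not as MFA used.
        if entry.get("mfa") is not True:
            without_mfa.append((entry["external_user_id"], created_at))
    return rejected, without_mfa
```

Running a check like this before the data reaches the scraper keeps malformed records out of the audit trail and gives reviewers a short list of non-MFA accesses per config item.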
Scrapers with Access Log Support
The following scrapers support access log extraction when full: true is enabled:
| Scraper | Use Case |
|---|---|
| SQL | Database access logs from audit tables |
| PostgreSQL | PostgreSQL connection and query logs |
| SQL Server | SQL Server audit events |
| Clickhouse | Clickhouse query logs and S3 access |
| HTTP | API access logs from external systems |
| File | Access logs from log files |
| Exec | Custom scripts that output access data |
External Users and Groups
Access logs reference external users and groups that are also scraped from your systems. These entities enable:
- User identification: Track individual user access across configs
- Group membership: Understand access patterns by team or role
- Access reviews: Audit who has access to what resources
See the SQL scraper for examples of scraping users, groups, and roles alongside access logs.
Related
- Config Access Reference - Access log schema details
- Retention - Configure access log retention policies