-
Notifications
You must be signed in to change notification settings - Fork 45
DOC-1485: Fix doc reference to configurable audit log retention #1338
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
@@ -397,7 +397,15 @@ ifdef::env-cloud[] | |||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
== Configure retention for audit logs | ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
Assess the retention needs for your audit logs. You may not need to keep the logs for the default seven days. This is controlled by setting the `retention.ms` property for the `_redpanda.audit_log` topic. | ||||||||||||||||||||||||||||||
Ideally, you export audit events to your own SIEM for persistence supporting your audit and compliance needs rather than relying on in-cluster persistence. | ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
As you assess the retention needs for your audit logs, if you find that you do not need to keep them for the default seven days, and you must revise the retention period: | ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
NOTE: Redpanda Data recommends that you retain audit logs for at least one year. | ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
. Remove `_redpanda.audit_log` topic from the `no_delete` topics list in your cluster configuration. | ||||||||||||||||||||||||||||||
. Update the `retention.ms` property for the `_redpanda.audit_log` topic. | ||||||||||||||||||||||||||||||
. Add the `_redpanda.audit_log` topic back to the `delete` topics list. | ||||||||||||||||||||||||||||||
Comment on lines
+400
to
+408
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🛠️ Refactor suggestion Cloud docs currently instruct customers to change audit retention; this contradicts the PR objective (Cloud retention not end‑user configurable). In env-cloud, steps to remove from Apply this diff to align the Cloud documentation with the stated objective: - Ideally, you export audit events to your own SIEM for persistence supporting your audit and compliance needs rather than relying on in-cluster persistence.
-
- As you assess the retention needs for your audit logs, if you find that you do not need to keep them for the default seven days, and you must revise the retention period:
-
- NOTE: Redpanda Data recommends that you retain audit logs for at least one year.
-
-. Remove `_redpanda.audit_log` topic from the `no_delete` topics list in your cluster configuration.
-. Update the `retention.ms` property for the `_redpanda.audit_log` topic.
-. Add the `_redpanda.audit_log` topic back to the `delete` topics list.
+ In Redpanda Cloud, retention for the internal `_redpanda.audit_log` topic is managed by Redpanda and is not configurable by cluster users.
+
+ To meet audit/compliance retention requirements, export audit events to your own SIEM or external storage and manage retention there. If you have a business need to adjust the default seven‑day in‑cluster retention, contact Redpanda Support.
+
+ NOTE: Redpanda recommends retaining exported audit events for at least one year; work with your compliance team to set an appropriate policy. Would you like me to propose a matching move of the procedural steps into the self‑managed (non‑cloud) section, with concrete rpk/Admin API examples? 📝 Committable suggestion
Suggested change
🤖 Prompt for AI Agents
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @michael-redpanda There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. In cloud, the customers can't modify the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @michael-redpanda Do you concur? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. According to https://github.com/redpanda-data/cloudv2/pull/22922,
Comment on lines
+406
to
+408
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 💡 Verification agent 🧩 Analysis chainProperty/feature names (“no_delete”/“delete list”) likely incorrect and unsafe in Cloud context.
I can draft a self‑managed snippet with the exact rpk commands once you confirm the canonical property names that govern delete protections for internal topics. 🏁 Script executed: #!/bin/bash
# Extract context and search for terms
echo "Context lines 390-420 in modules/manage/partials/audit-logging.adoc"
sed -n '390,420p' modules/manage/partials/audit-logging.adoc || true
echo ""
echo "Lines matching 'no_delete':"
rg -n -C2 'no_delete' modules/manage/partials/audit-logging.adoc || true
echo ""
echo "Lines matching 'delete list':"
rg -n -C2 'delete list' modules/manage/partials/audit-logging.adoc || true Length of output: 2348 Update internal audit-log deletion instructions for self-managed and remove for Cloud The current instructions under Please refactor as follows: • modules/manage/partials/audit-logging.adoc (lines 406–408): • Remove or hide this block under |
||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
== Next steps | ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
|
Uh oh!
There was an error while loading. Please reload this page.