Do you offer your customers audit logs?

1 points by wizwit999 ↗ HN
Wondering what people are doing for audit logs.

I know a lot of people maintain them to some extent internally (for compliance or just as best practice).

But what about vending it to each customer (for a multi tenant SaaS), so they automatically have access to their specific logs.

I'm working on a solution in this space but curious to hear what people think.

3 comments

[ 3.0 ms ] story [ 26.1 ms ] thread
I deal with analyzing logs of all kinds in large enterprise/corporate/government environments

System/application owners never lose access to their own logs ... but they also don't get to see "everyone else's" without proper RBACs in place

I know I can collect various introspective and monitoring data off cloud services I run - but only what they deign exportable (certainly not how the hypervisor of the physical box(es) running all my instances and services is currently doing, nor how my instance of a managed DB is working vs another customer's instance vs "all" instances etc)

If you want more-extensive logging, you need to be running the infra yourself

That makes sense, cloud providers are usually pretty good at giving you enough (besides the low level stuff you mention).

I'm thinking more along the lines of managed SaaS's, looks like there's a lot of missing insight into activity (who called this API, who performed this action, etc.).

>looks like there's a lot of missing insight into activity

Some of that can be findable ... but usually you're collecting it some other way already

Or it "doesn't matter" because you have shared authentication doing tasks (or being triggered by someother tool using a service account ..which pushes the audit trail further from the SaaS offering)