Do you offer your customers audit logs?
Wondering what people are doing for audit logs.
I know a lot of people maintain them to some extent internally (for compliance or just as best practice).
But what about vending it to each customer (for a multi tenant SaaS), so they automatically have access to their specific logs.
I'm working on a solution in this space but curious to hear what people think.
3 comments
[ 3.0 ms ] story [ 26.1 ms ] threadSystem/application owners never lose access to their own logs ... but they also don't get to see "everyone else's" without proper RBACs in place
I know I can collect various introspective and monitoring data off cloud services I run - but only what they deign exportable (certainly not how the hypervisor of the physical box(es) running all my instances and services is currently doing, nor how my instance of a managed DB is working vs another customer's instance vs "all" instances etc)
If you want more-extensive logging, you need to be running the infra yourself
I'm thinking more along the lines of managed SaaS's, looks like there's a lot of missing insight into activity (who called this API, who performed this action, etc.).
Some of that can be findable ... but usually you're collecting it some other way already
Or it "doesn't matter" because you have shared authentication doing tasks (or being triggered by someother tool using a service account ..which pushes the audit trail further from the SaaS offering)