Audit log | Tdg

Audit log

The audit log contains records of security events in TDG.

To view the log:

  1. Configure at least one instance with the storage role.

  2. Go to the Cluster tab and click the Bootstrap vshard button.

  3. Go to the Audit log tab.

Enabling and disabling the audit log

The audit log is enabled by default and records messages regardless of authorization settings.

To disable the audit log, click the Disable logging button on the Audit log tab. You can also go to the Graphql tab and run the following GraphQL request:

mutation {
  audit_log {
    enabled(value: false)
  }
}

To check if the audit log is enabled:

query {
  audit_log {
    enabled
  }
}

Clearing the audit log

The audit log is stored in memtx and doesn’t clear automatically.

To fully clear the space associated with the audit log, run the following GraphQL code:

mutation {
  audit_log {
    clear
  }
}

Log structure

Each table entry provides the following information:

  • Severity

  • From - To

  • Subject ID

  • Subject

  • Request ID

  • Module

  • Message

The audit log can be filtered by each of the parameters. Below is more information about every one of them.

Severity

Possible values (in order of ascending severity):

  • VERBOSE – detailed information;

  • INFO – notification;

  • WARNING – warning;

  • ALARM – alarm.

A filter by severity displays events of the specified level or more severe. Choose the “VERBOSE” filter to display all messages.

From - To

Date and time of the event. Displayed in GMT+0 (UTC) time.

Subject ID

Internal identifier of the access subject.

Subject

Access subject name and type. Possible values:

  • system %q: system message, where %q is the name of the entity in the system.

  • token %q: access to the HTTP API using an application token (for example, to get GraphQL data), where %q is the name of the entity that requested access.

  • user: access attempt from GUI.

  • anonymous: access attempt from GUI, if mandatory authorization is disabled.

  • unauthorized: access attempt from GUI by an unauthorized user.

Request ID

Internal identifier of the request.

Module

Name of the system module that initiated the event. Example: common.admin.auth is the module responsible for authorization.

Message

Event description. Can be provided by the user.
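
The severity filter rule and the Subject forms described above, applied to exported log entries. This is an added example, not TDG code: the entry dictionaries, their key names, the sample values, and the assumption that %q renders as a double-quoted name are all constructed for illustration.

```python
# Severity levels in ascending order, as listed on this page.
SEVERITIES = ("VERBOSE", "INFO", "WARNING", "ALARM")
# Subject types listed on this page.
SUBJECT_TYPES = ("system", "token", "user", "anonymous", "unauthorized")

def rank(severity):
    """Position in SEVERITIES; an unrecognized level ranks highest so it is never hidden."""
    s = severity.strip().upper()
    return SEVERITIES.index(s) if s in SEVERITIES else len(SEVERITIES)

def filter_by_severity(entries, level):
    """Keep entries of the given level or more severe (the filter rule described above)."""
    if level not in SEVERITIES:
        raise ValueError(f"unknown severity filter: {level!r}")
    return [e for e in entries if rank(e["severity"]) >= rank(level)]

def parse_subject(subject):
    """Split a Subject value into (type, name). Assumes %q renders as a quoted name."""
    kind, _, name = subject.strip().partition(" ")
    if kind not in SUBJECT_TYPES:
        return ("unknown", subject.strip())
    return (kind, name.strip().strip('"'))

def count_by_subject_type(entries):
    """Count entries per subject type, e.g. to spot anonymous or unauthorized access."""
    counts = {}
    for e in entries:
        kind, _ = parse_subject(e["subject"])
        counts[kind] = counts.get(kind, 0) + 1
    return counts

# Constructed sample entries (illustrative values, not real TDG output).
SAMPLE = [
    {"severity": "VERBOSE", "subject": 'token "etl"', "message": "constructed: data read"},
    {"severity": "INFO", "subject": "user", "message": "constructed: sign-in"},
    {"severity": "INFO", "subject": "anonymous", "message": "constructed: page view"},
    {"severity": "WARNING", "subject": "unauthorized", "message": "constructed: denied"},
    {"severity": "ALARM", "subject": 'system "audit"', "message": "constructed: alarm"},
    # Level and subject outside the documented lists: kept visible, typed "unknown".
    {"severity": "CRITICAL", "subject": "robot x", "message": "constructed: odd entry"},
]

if __name__ == "__main__":
    for e in filter_by_severity(SAMPLE, "WARNING"):
        print(e["severity"], parse_subject(e["subject"]), e["message"])
    print(count_by_subject_type(filter_by_severity(SAMPLE, "INFO")))
```
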

Examples

Successful user authorization

Audit log message about successful user authorization

Model update

Audit log message about a model update

Clearing the audit log

Message after clearing the audit log

Configuration via config.yml

The default settings that Tarantool Data Grid starts up with can be found in the file config.yml. Audit log settings can be listed in this

audit_log:
  remove_older_than_n_hours: 24 # how many hours a message should exist before being deleted
  severity: VERBOSE # record messages of this severity level and higher
  enabled: true