Skip to content
Start free
Start free
Security

Audit Logging

Full visibility and traceability for every action in your CrateDB environment

Security is not only about preventing unauthorized access — it’s also about knowing who did what, when, and how.
CrateDB’s audit logging capabilities give you comprehensive visibility into all database activity, ensuring accountability, compliance, and operational insight.

By recording authentication events, queries, privilege changes, and configuration updates, audit logs provide the evidence and transparency needed for security monitoring, forensics, and governance.

How How audit logging works

CrateDB captures and records key events across the system to ensure that every relevant action is traceable. These logs can be stored locally, streamed to centralized monitoring systems, or integrated with external security information and event management (SIEM) platforms.

CrateDB audit logging covers:

  • Authentication events: Successful and failed login attempts.
  • Authorization changes: Role assignments, privilege grants, and revocations.
  • Data operations: Executed queries, schema modifications, and configuration updates.
  • Administrative actions: Cluster changes, node joins/leaves, and system-level settings.
In CrateDB Cloud, audit logging is automatically enabled to capture key security and operational events, while in self-managed deployments, logging configuration is flexible and can be tailored to internal auditing policies.

Why it matters

  • Transparency: Gain a full view of how your database is being used.
  • Accountability: Attribute every action to a specific user, role, or service account.
  • Compliance: Meet audit trail requirements for certifications such as ISO 27001, SOC 2 Type 2, and GDPR.
  • Incident response: Quickly identify anomalies or unauthorized actions.
  • Operational insight: Understand usage patterns, workloads, and system access trends.

Best practices

  • Enable comprehensive audit logging for production environments.
  • Regularly export and archive logs to external storage or SIEM systems (e.g., Splunk, ELK, Datadog).
  • Combine audit logs with RBAC policies for maximum visibility and control.
  • Define retention policies according to your organization’s compliance and governance rules.
  • Review and correlate audit logs periodically as part of your security posture assessment.
cr-quote-image

Examples

Event Type Example
Authentication User alice failed login attempt at 2025-11-10 08:42:12
Authorization Role analyst granted DQL on schema sales
Data Operation DELETE FROM orders WHERE id=123 executed by service_api
Configuration Cluster setting stats.enabled changed by admin
cr-quote-image