Retain Audit Log Records on Confluent Cloud

Audit log records are retained for seven days on an independent Confluent Cloud cluster. These audit log entries cannot be modified, deleted, or produced directly to the audit log topic. To retain or archive audit log records for longer than seven days, or to modify the records for analytics and other purposes, you can either export or replicate the data from the audit log cluster to an external Apache Kafka® cluster or to other data stores.

Export audit log records using a self-managed sink connector

You can export your Confluent Cloud audit log data from your audit log cluster’s topic confluent-audit-log-events to an external target data store using a self-managed sink connector for Confluent Platform.

Important

Confluent Cloud audit logs cannot be consumed using Confluent Cloud fully managed sink connectors.

To use a self-managed sink connector to export audit log data, you must configure the connector to use the Confluent Cloud audit log cluster by adding a consumer override (consumer.override.bootstrap.servers) in the connector’s config.properties file to bootstrap the connector to your target cluster. Because the Confluent Cloud audit log cluster is read-only, you must use the consumer override. Otherwise, you receive a TopicAuthorizationException: Not authorized to access topics error message.

For an example that exports Confluent Cloud audit log data using the self-managed Splunk sink connector, see the Confluent blog How to Visualize Confluent Cloud Audit Log Data. The example displays the data for analysis in two dashboards: “Confluent Cloud Audit Overview” and “Confluent Cloud Role Assignments”.

Replicate audit log data into a managed Kafka cluster

By syncing audit logs to your own Confluent Cloud clusters, you can use fully managed tools (such as ksqlDB, Connect, and Stream Governance) and manage security with RBAC and API keys.