Retain Audit Log Records¶
Audit log records in Confluent Cloud audit logs are retained for seven days on an independent cluster. These audit log entries cannot be modified, deleted, or produced directly to the audit log topic. To retain or archive audit log records for longer than seven days, or to modify the records for analytics and other purposes, either export or replicate the data.
Use connectors to export audit log data¶
Confluent Cloud audit logs cannot be consumed directly using fully-managed connectors. Instead, use a self-managed sink connector to consume audit logs or replicate the audit logs into a managed Kafka cluster.
You can export your Confluent Cloud audit log data to a target platform for analysis using self-managed sink connectors for Confluent Platform, including the following:
For an example that exports Confluent Cloud audit log data using the self-managed Splunk sink connector and displays data for analysis in two dashboards (“Confluent Cloud Audit Overview” and “Confluent Cloud Role Assignments.”), see the Confluent blog How to Visualize Confluent Cloud Audit Log Data.`
Replicate audit logs¶
By syncing audit logs to your own Confluent Cloud clusters, you can use fully-managed tools (such as ksqlDB, Connect, and Stream Governance) and manage security with RBAC and API keys.