Retain Audit Log Records on Confluent Cloud

Audit log records in Confluent Cloud are retained for seven days on an independent Confluent Cloud cluster. These audit log entries cannot be modified or deleted, and nothing can be produced directly to the audit log topic. To retain or archive audit log records for longer than seven days, or to modify the records for analytics and other purposes, you can either export or replicate the data from the audit log cluster to an external Kafka cluster or to other data stores.

Export audit log records using a self-managed sink connector

You can export your Confluent Cloud audit log data from your audit log cluster’s topic confluent-audit-log-events to an external target data store using a self-managed sink connector for Confluent Platform.

Important

Confluent Cloud audit logs cannot be consumed using Confluent Cloud fully-managed sink connectors.

To use a self-managed sink connector to export audit log data, you must configure the connector to use the Confluent Cloud audit log cluster by adding a consumer override (consumer.override.bootstrap.servers) in the connector’s config.properties file to bootstrap the connector to your target cluster. Because the Confluent Cloud audit log cluster is read-only, you must use the consumer override; otherwise, you will receive a TopicAuthorizationException: Not authorized to access topics error message.
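The following pre-flight check is an added example, not Confluent's own code: it parses a connector properties file and reports when the consumer override described above is missing, before the connector is deployed and fails with TopicAuthorizationException. The sample config is constructed with placeholder values, and the security overrides beyond consumer.override.bootstrap.servers are assumed here (standard Kafka Java-client SASL/PLAIN settings for reading with an audit log API key).

```python
# Added example: pre-flight check for a self-managed sink connector config.
# Only consumer.override.bootstrap.servers is named on the page; the other
# three overrides are assumed (Kafka Java-client SASL/PLAIN settings).
REQUIRED_OVERRIDES = (
    "consumer.override.bootstrap.servers",
    "consumer.override.security.protocol",
    "consumer.override.sasl.mechanism",
    "consumer.override.sasl.jaas.config",
)
AUDIT_TOPIC = "confluent-audit-log-events"

# Constructed sample config; endpoint, key and secret are placeholders.
SAMPLE_CONFIG = """\
name=audit-log-sink
topics=confluent-audit-log-events
consumer.override.bootstrap.servers=<AUDIT_LOG_CLUSTER_BOOTSTRAP>
consumer.override.security.protocol=SASL_SSL
consumer.override.sasl.mechanism=PLAIN
consumer.override.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="<AUDIT_API_KEY>" password="<AUDIT_API_SECRET>";
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split at the first '=' only
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_audit_sink_config(text):
    """Return a list of findings; an empty list means the checks passed."""
    props = parse_properties(text)
    findings = []
    topics = [t.strip() for t in props.get("topics", "").split(",") if t.strip()]
    if AUDIT_TOPIC not in topics:
        findings.append(f"topics does not include {AUDIT_TOPIC}")
    for key in REQUIRED_OVERRIDES:
        if not props.get(key):
            findings.append(f"missing {key}")
    if props.get("consumer.override.security.protocol", "SASL_SSL") != "SASL_SSL":
        findings.append("consumer.override.security.protocol should be SASL_SSL")
    return findings

if __name__ == "__main__":
    for finding in check_audit_sink_config(SAMPLE_CONFIG) or ["OK"]:
        print(finding)
```

Keep the API key and secret out of version control; the placeholders in the sample stand in for values supplied at deploy time.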

For an example that exports Confluent Cloud audit log data using the self-managed Splunk sink connector and displays data for analysis in two dashboards (“Confluent Cloud Audit Overview” and “Confluent Cloud Role Assignments”), see the Confluent blog How to Visualize Confluent Cloud Audit Log Data.

Replicate audit log data into a managed Kafka cluster

By syncing audit logs to your own Confluent Cloud clusters, you can use fully-managed tools (such as ksqlDB, Connect, and Stream Governance) and manage security with RBAC and API keys.