Troubleshoot Confluent Cloud audit logging¶
This section provides tips to help you troubleshoot audit logging issues.
Cluster not sending audit log events¶
Audit logs are available on Standard and Dedicated clusters only. If using a Basic cluster type, consider upgrading.
Newly-created topic does not appear in audit log messages¶
When the API checks a user’s permission to create a topic, it first attempts to confirm that the user has cluster-level permission to create any topic. If so, access is granted. If not, the API performs a secondary check to see if the user has permission to create the specific topic name (or a prefix using that name). If this cluster-level check succeeds, then the audit log event will include the ID of the cluster without any reference to the specific topic, because the topic name is not used in the cluster-level permission check.
Authentication failures do not appear in audit log messages¶
If an authentication failure does not appear in your audit log messages, it could be because Confluent Cloud logs all authentication failures internally, but only passes them on to your audit logs when the connection tries to use one of your valid, active API keys on the cluster, but with an incorrect secret.
Audit log messages include identifiers with no descriptions¶
If you come across audit log messages that use identifiers with no descriptions,
User:12345, run one of the following commands:
confluent iam user list confluent api-key list confluent iam service-account list
Describe command output is empty¶
It is possible to run the
confluent audit-log describe command and not see any
output, even when your organization has audit logging enabled. In such cases,
the Confluent CLI may have cached your organization’s information prior to when
audit logging was enabled. To refresh the cache, run the following command:
confluent login --prompt
Audit log messages are not being generated for producer and consumer requests¶
Audit log messages include the authentication events from when the producers and consumers connect, but not the produce and consume requests themselves.