On this page

    Audit Logging

    For organizations subject to compliance and regulation where auditing is regularly required, Dremio offers extensive event audit logging. With auditing, all user-initiated and engine start/stop actions performed within Dremio are tracked and traceable via the sys.project.history.events table. Each time an action is initiated within Dremio, such as logging in or creating a view, the audit log captures all relevant information, such as the action, the object it affected, and both old and new values.

    Audit logging is enabled by default and is available only to users with administrative rights at the Project level.

    Events & Actions Tracked

    Dremio supports audit logging for the following actions:

    • Logins from any client type
    • Access management changes (i.e., privilege granting/revoking)
    • Administrator actions (Create/Modify/Delete)
    • Dremio object changes (Create/Modify/Delete)
    • Object ownership changes
    • Engine state (Enabled/Disabled)
    • Engine scaling (adding/removing replicas)
    • Reflection/Metadata refreshes

    Querying Audit Logs

    Users may view the current state of the entire audit log by querying the sys.project.history.events table:

    1. In the Dremio application, navigate to the SQL Runner.
    2. Enter the following command:
    SELECT * FROM sys.project.history.events
    
    1. Click Run.

    All logged actions appear in the view below.