Audit Logging
For organizations subject to compliance and regulation where auditing is regularly required, Dremio offers extensive event audit logging. With auditing, all user-initiated and engine start/stop actions performed within Dremio are tracked and traceable via the sys.project.history.events table. Each time an action is initiated within Dremio, such as logging in or creating a view, the audit log captures all relevant information, such as the action, the object it affected, and both old and new values.
Audit logging is enabled by default and is available only to users with administrative rights at the Project level.
Events & Actions Tracked
Dremio supports audit logging for the following actions:
- Logins from any client type
- Access management changes (i.e., privilege granting/revoking)
- Administrator actions (Create/Modify/Delete)
- Dremio object changes (Create/Modify/Delete)
- Object ownership changes
- Engine state (Enabled/Disabled)
- Engine scaling (adding/removing replicas)
- Reflection/Metadata refreshes
Querying Audit Logs
Users may view the current state of the entire audit log by querying the sys.project.history.events table:
- In the Dremio application, navigate to the SQL Runner.
- Enter the following command:
SELECT * FROM sys.project.history.events
- Click Run.
All logged actions appear in the view below.