Skip to main content

Audit Logging

The creation and modification of Dremio resources is tracked and traceable via the sys.project.history.events table. Audit logging is enabled by default and is available to users with administrative permissions on the project.

It can take up to three hours for an event to propagate to the system table and there is currently no maximum retention policy for audit events.

Tracked Events

Dremio supports audit logging for the following objects (event types) and actions:

Event TypeActions
CLOUDCREATE_STARTED, CREATE_COMPLETED, UPDATE, DELETE_STARTED, DELETE_COMPLETED
CONNECTIONLOGIN
EDITIONCREATE, DELETE, DOWNGRADE, MODIFY, UPGRADE
ENGINECREATE_STARTED, CREATE_COMPLETED, UPDATE_STARTED, UPDATE_COMPLETED, DELETE_STARTED, DELETE_COMPLETED, ENABLE_STARTED, ENABLE_COMPLETED, DISABLE_STARTED, DISABLE_COMPLETED
ENGINE_SCALINGSCALE_UP_STARTED, SCALE_UP_COMPLETED, SCALE_DOWN_STARTED, SCALE_DOWN_COMPLETED
FOLDERCREATE, UPDATE, DELETE
ORGANIZATIONCREATE_STARTED, CREATE_COMPLETED, UPDATE, DELETE_STARTED, DELETE_COMPLETED
PERSONAL_ACCESS_TOKENCREATE, DELETE
PHYSICAL_DATASETCREATE, UPDATE, DELETE
PRIVILEGEUPDATE, DELETE
PROJECTCREATE_STARTED, CREATE_COMPLETED, DELETE_STARTED, DELETE_COMPLETED, HIBERNATE_STARTED, HIBERNATE_COMPLETED, UNHIBERNATE_STARTED, UNHIBERNATE_COMPLETED, UPDATE
REFLECTIONCREATE, UPDATE, DELETE
REPLICACREATE_STARTED, CREATE_COMPLETED, DELETE_STARTED, DELETE_COMPLETED
ROUTING_RULESETCREATE, UPDATE, DELETE
SOURCECREATE, UPDATE, DELETE
SUPPORT_SETTINGRESET, SET
TABLECREATE, UPDATE, DELETE
USER_ACCOUNTCREATE, UPDATE, DELETE
VIEWCREATE, UPDATE, DELETE