Audit Log Retention
You can configure the retention period for audit logs that are stored in Postgres. Depending on the number of services and TSB configuration, the audit logs can grow rapidly and consume a lot of disk space. To avoid this, you can configure the retention period for audit logs to automatically delete them after a certain period of time.
Configure the retention period
To set up the retention period for audit logs, update the TSB Management Plane Custom Resource, adding the cleanupCronSchedule and auditLogsCleanupRetention fields with the desired cron schedule and retention period. Then apply the changes using either kubectl or Helm, depending on how you installed TSB.
dataStore:
postgres:
address: tsb-postgres.postgres:5432
connectionIdleLifetime: 8500s
connectionIdleMaxOpen: 2
connectionLifetime: 86400s
connectionMaxOpen: 70
name: tsb
sslMode: disable
cleanupCronSchedule: "0 */2 * * *"
auditLogsCleanupRetention: "24h"
- If auditLogsCleanupRetention is not set, no cleanup will be performed.
- Minimum retention period is 24 hours.
- If you didn't set cleanupCronSchedule, the default schedule is 0 4 * * */1 (At 04:00 on every day-of-week).
Verify the configuration
To verify the configuration, check the cleanupCronSchedule and auditLogsCleanupRetention fields in the MP CR.
kubectl get managementplane managementplane -n tsb -o yaml
You can also check whether the database-audit-log-cleanup cronjob has been created.
NAMESPACE   NAME                                      SCHEDULE      SUSPEND   ACTIVE   LAST SCHEDULE   AGE
tsb         database-audit-log-cleanup-tsb-postgres   0 */2 * * *   False     0        22s             89m
tsb         teamsync                                  0 * * * *     False     0        22s             89m
At the specified time, you should see the audit-log-cleanup pods created:
MacBook:tsb-main $ k get pods -n tsb | grep cleanup
database-audit-log-cleanup-tsb-postgres-28477680-hcffm 0/1 Completed 0 14m
Check the logs of the pod created by the cronjob for details about its execution:
MacBook:tsb-main $ k logs database-audit-log-cleanup-tsb-postgres-28477800-pb5fd -n tsb
2024/02/23 06:00:00 info jobs Starting job... [scope="jobs"]
2024/02/23 06:00:00 info jobs job "database-table-deletion" loaded [scope="jobs"]
2024/02/23 06:00:00 info jobs parsing flags for "database-table-deletion" [scope="jobs"]
2024/02/23 06:00:00 info jobs parsing inner flags for "database-table-deletion" [scope="jobs"]
2024/02/23 06:00:00 info jobs executing job "database-table-deletion" [scope="jobs"]
2024/02/23 06:00:00 info jobs Starting job to delete audit logs with a retention of 24h0m0s [scope="jobs" name="database-table-deletion"]
2024/02/23 06:00:00 info jobs executing statement delete from audit_log where time <= cast(extract(epoch from to_timestamp($1,$2)) as integer); with arguments "2024-02-22 06:00:00" "YYYY-MM-DD HH24:MI:SS" [scope="jobs" name="database-table-deletion"]
2024/02/23 06:00:00 info jobs deleted 0 entries [scope="jobs" name="database-table-deletion"]
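To confirm from the job output that the retention you configured is the one actually applied, the following added example (not part of the TSB documentation or tooling) parses the log lines shown above and checks the reported retention, the delete cutoff and the deleted row count. The function names are hypothetical, and it assumes the log line format shown above and that the log timestamp and the cutoff argument are in the same time zone.

```python
import re
import sys
from datetime import datetime, timedelta

# Constructed sample: three lines copied from the job output shown above.
SAMPLE_LOG = """\
2024/02/23 06:00:00 info jobs Starting job to delete audit logs with a retention of 24h0m0s [scope="jobs" name="database-table-deletion"]
2024/02/23 06:00:00 info jobs executing statement delete from audit_log where time <= cast(extract(epoch from to_timestamp($1,$2)) as integer); with arguments "2024-02-22 06:00:00" "YYYY-MM-DD HH24:MI:SS" [scope="jobs" name="database-table-deletion"]
2024/02/23 06:00:00 info jobs deleted 0 entries [scope="jobs" name="database-table-deletion"]
"""

RETENTION_RE = re.compile(r"with a retention of (\S+)")
STATEMENT_RE = re.compile(
    r'^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) .*delete from audit_log.* with arguments "([^"]+)"', re.M)
DELETED_RE = re.compile(r"deleted (\d+) entries")
UNITS = {"h": "hours", "m": "minutes", "s": "seconds"}


def parse_duration(text):
    """Convert a duration printed as e.g. 24h0m0s (or 24h) into a timedelta."""
    return timedelta(**{UNITS[u]: int(n) for n, u in re.findall(r"(\d+)([hms])", text)})


def check_cleanup_run(log_text, expected=timedelta(hours=24), skew=timedelta(minutes=1)):
    """Return what one cleanup run reports and whether it matches the expected retention."""
    retention = RETENTION_RE.search(log_text)
    statement = STATEMENT_RE.search(log_text)
    deleted = DELETED_RE.search(log_text)
    if not (retention and statement and deleted):
        raise ValueError("log does not contain a complete cleanup run")
    window = parse_duration(retention.group(1))
    ran_at = datetime.strptime(statement.group(1), "%Y/%m/%d %H:%M:%S")
    cutoff = datetime.strptime(statement.group(2), "%Y-%m-%d %H:%M:%S")
    return {
        "retention": window,
        "cutoff": cutoff,
        "deleted": int(deleted.group(1)),
        # True when the job applied the retention you expect from the MP CR.
        "retention_matches": window == expected,
        # True when the delete cutoff equals run time minus retention.
        "cutoff_consistent": abs((ran_at - window) - cutoff) <= skew,
    }


if __name__ == "__main__":
    # Pipe the cleanup pod's `kubectl logs` output in; with no input the sample is used.
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    print(check_cleanup_run(piped or SAMPLE_LOG))
```

Pass the retention you set in auditLogsCleanupRetention as `expected`; a run whose `retention_matches` is false is deleting audit records on a different window than the one you intended to keep.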