Skip to main content
logoTetrate Service BridgeVersion: 1.11.x

Audit Log Retention

You can configure the retention period for audit logs that are stored in Postgres. Depending on the number of services and TSB configuration, the audit logs can grow rapidly and consume a lot of disk space. To avoid this, you can configure the retention period for audit logs to automatically delete them after a certain period of time.

Configure the retention period

To set up the retention period for audit logs, you will need to update the TSB Management Plane Custom Resource adding the cleanupCronSchedule and auditLogsCleanupRetention fields with the desired cron schedule and retention period. Then apply the changes either by using kubectl or Helm depending on how you installed TSB.

  dataStore:
postgres:
address: tsb-postgres.postgres:5432
connectionIdleLifetime: 8500s
connectionIdleMaxOpen: 2
connectionLifetime: 86400s
connectionMaxOpen: 70
name: tsb
sslMode: disable
cleanupCronSchedule: "0 */2 * * *"
auditLogsCleanupRetention: "24h"
  • If auditLogsCleanupRetention is not set, no cleanup will be performed.
  • Minimum retention period is 24 hours.
  • If you didn't set cleanupCronSchedule default schedule is 0 4 * * */1 (At 04:00 on every day-of-week).

Verify the configuration

To verify the configuration, check the cleanupCronSchedule and auditLogsCleanupRetention fields in the MP CR.

kubectl get managementplane managementplane -n tsb -o yaml

You also can check if database-audit-log-cleanup cronjob is created.

NAMESPACE   NAME                                      SCHEDULE      SUSPEND   ACTIVE   LAST SCHEDULE   AGE
tsb database-audit-log-cleanup-tsb-postgres 0 */2 * * * False 0 22s 89m
tsb teamsync 0 * * * * False 0 22s 89m

At the specified time, you should see the audit-log-cleanup pods created:

MacBook:tsb-main $ k get pods -n tsb | grep cleanup
database-audit-log-cleanup-tsb-postgres-28477680-hcffm 0/1 Completed 0 14m

Check the logs of the pod created by the cronjob for details about its execution:

MacBook:tsb-main $ k logs database-audit-log-cleanup-tsb-postgres-28477800-pb5fd -n tsb
2024/02/23 06:00:00 info jobs Starting job... [scope="jobs"]
2024/02/23 06:00:00 info jobs job "database-table-deletion" loaded [scope="jobs"]
2024/02/23 06:00:00 info jobs parsing flags for "database-table-deletion" [scope="jobs"]
2024/02/23 06:00:00 info jobs parsing inner flags for "database-table-deletion" [scope="jobs"]
2024/02/23 06:00:00 info jobs executing job "database-table-deletion" [scope="jobs"]
2024/02/23 06:00:00 info jobs Starting job to delete audit logs with a retention of 24h0m0s [scope="jobs" name="database-table-deletion"]
2024/02/23 06:00:00 info jobs executing statement delete from audit_log where time <= cast(extract(epoch from to_timestamp($1,$2)) as integer); with arguments "2024-02-22 06:00:00" "YYYY-MM-DD HH24:MI:SS" [scope="jobs" name="database-table-deletion"]
2024/02/23 06:00:00 info jobs deleted 0 entries [scope="jobs" name="database-table-deletion"]