Overview
CloudNexus Audit Logs provide a comprehensive, tamper-proof record of all administrative and operational actions performed within your account. Whether it's a user creating a new VPS, an API key rotation, a firewall rule change, or an automated scaling event, every action is captured, timestamped, and indexed for instant retrieval.
All audit logs are encrypted at rest (AES-256) and in transit (TLS 1.3). Log integrity is verified via SHA-256 chain hashing, which makes tampering or unauthorized modification detectable.
Audit logs are enabled by default for all accounts. Enterprise plans include extended retention, real-time streaming to SIEM tools, and advanced query capabilities.
Core Capabilities
Real-Time Ingestion
Events are captured and indexed within milliseconds of occurrence, ensuring zero delay in security monitoring and incident response.
Immutable Storage
Write-once, read-many (WORM) storage architecture guarantees logs cannot be altered or deleted after ingestion.
Advanced Filtering
Query by user, IP, resource type, event category, severity, or custom tags using our GraphQL-powered search engine.
Role-Based Access
Fine-grained IAM policies control who can view, export, or stream audit logs. Separation of duties enforced by default.
Export & Archival
Export to S3, GCS, or Azure Blob in JSON, CSV, or Parquet formats. Automatic lifecycle policies for cold storage.
Anomaly Detection
AI-driven patterns flag unusual activity like off-hours logins, rapid resource provisioning, or privilege escalation attempts.
Log Structure
Every audit event follows a standardized JSON schema compliant with the OpenTelemetry and CloudEvents specifications. This ensures seamless parsing and ingestion into third-party observability platforms.
```json
{
  "eventId": "evt_9f8e7d6c5b4a3210",
  "timestamp": "2025-10-12T14:32:08.442Z",
  "actor": {
    "type": "user",
    "id": "usr_a1b2c3d4",
    "email": "admin@cloudnexus.io"
  },
  "action": "vps.scale.up",
  "resource": {
    "type": "vps",
    "id": "vps_7x8y9z0w",
    "region": "us-east-1"
  },
  "metadata": {
    "previousSpec": "standard-2",
    "newSpec": "performance-4",
    "ipAddress": "203.0.113.42"
  },
  "status": "success",
  "severity": "info"
}
```
Event categories are grouped by domain: auth, compute, network, storage, iam, and billing. Use the action field to filter specific operations like k8s.cluster.delete or firewall.rule.update.
Compliance & Retention
CloudNexus Audit Logs are designed to meet stringent regulatory requirements across global industries. Our infrastructure supports audit-ready reporting out of the box.
| Plan | Retention Period | Export Formats | Streaming | Status |
|---|---|---|---|---|
| Starter | 30 Days | JSON, CSV | No | Available |
| Professional | 90 Days | JSON, CSV, Parquet | Webhooks | Available |
| Enterprise | 365+ Days (Custom) | All + SIEM Native | Real-time (Kafka/SQS) | Available |
Enterprise customers can enable Immutable Vault Mode to enforce strict WORM policies aligned with SEC Rule 17a-4, FINRA, and NIST 800-53 logging requirements.
Streaming & Integrations
Route audit events to your existing security stack without polling. CloudNexus supports multiple delivery mechanisms:
- Webhooks: HTTP POST to custom endpoints with automatic retry & signature verification (HMAC-SHA256).
- CloudWatch / Datadog / Splunk: Native forwarders with log parsing templates pre-configured.
- Kafka / SQS: Real-time topic-based streaming for high-throughput environments.
- CLI & Terraform: Configure destinations programmatically via our IaC provider.
```bash
cnx audit-stream create \
  --name "siem-forwarder" \
  --type webhook \
  --url "https://security.example.com/logs" \
  --events "auth.*,compute.*" \
  --retry-max 5
```
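A receiver-side check for the webhook delivery described above, added here as an example and not CloudNexus code. It assumes the signature is the hex HMAC-SHA256 of the raw request body under a shared secret (the page names the algorithm but not the encoding or header); the class and function names are hypothetical.

```python
import hashlib
import hmac
import json

# Top-level fields taken from the event schema shown on this page.
REQUIRED = ("eventId", "timestamp", "actor", "action", "resource", "status", "severity")


def sign(secret: bytes, raw_body: bytes) -> str:
    """Hex HMAC-SHA256 over the exact bytes of the request body (assumed scheme)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


class AuditWebhookReceiver:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.seen = set()  # eventIds already processed; use durable storage in production

    def handle(self, raw_body: bytes, signature_hex: str) -> str:
        """Return 'accepted', 'duplicate' or 'rejected' for one delivery."""
        expected = sign(self.secret, raw_body).encode()
        supplied = signature_hex.strip().lower().encode("utf-8", "replace")
        # Authenticate the raw bytes in constant time before parsing anything.
        if not hmac.compare_digest(expected, supplied):
            return "rejected"
        try:
            event = json.loads(raw_body)
        except ValueError:
            return "rejected"
        if not isinstance(event, dict) or any(k not in event for k in REQUIRED):
            return "rejected"
        event_id = event["eventId"]
        if not isinstance(event_id, str):
            return "rejected"
        # Automatic retries redeliver the same event, so handling must be idempotent.
        if event_id in self.seen:
            return "duplicate"
        self.seen.add(event_id)
        return "accepted"


# Constructed sample delivery using the field names from the schema above.
SECRET = b"constructed-example-secret"
BODY = json.dumps({
    "eventId": "evt_9f8e7d6c5b4a3210", "timestamp": "2025-10-12T14:32:08.442Z",
    "actor": {"type": "user", "id": "usr_a1b2c3d4"}, "action": "vps.scale.up",
    "resource": {"type": "vps", "id": "vps_7x8y9z0w"},
    "status": "success", "severity": "info",
}).encode()
```

Verify against the bytes as received, not a re-serialized copy of the parsed JSON, since key order and whitespace changes alter the digest.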
Getting Started
Enable and configure audit log destinations in under 2 minutes:
1. Navigate to Settings → Security → Audit Logs in your CloudNexus dashboard. All historical events are automatically loaded.
2. Select your retention tier and add a delivery destination. Use the preview pane to validate log formatting before enabling production routing.
3. Define threshold-based notifications for high-severity events like iam.role.escalate or firewall.rule.delete. Integrate with PagerDuty, Slack, or email.
Ready to secure your infrastructure?
Explore the full Audit Logs API reference or enable streaming in your console today.