Scaleway Docs

Exporting Audit Trail events to DataDog

This tutorial shows you how to export your Audit Trail events to DataDog. For the purpose of this tutorial, we build a custom OpenTelemetry Collector that collects Audit Trail events through the Audit Trail receiver and exports them with the DataDog exporter.

Before you start

To complete the actions presented below, you must have:

Building the OpenTelemetry collector

  1. Open a terminal and run the help command to check that the ocb binary is ready to be used. If the help output displays, the binary is working.

    ./ocb help
  2. Create a manifest file named builder-config.yaml and paste the following content into it. This file defines code generation, the compile process, and the components to include in your Collector’s distribution.

    dist:
      name: otelcol-audit-trail
      description: OpenTelemetry Collector for Audit Trail
      output_path: ./otelcol-audit-trail
    
    exporters:
      - gomod:
          github.com/open-telemetry/opentelemetry-collector-contrib/exporter/datadogexporter v0.118.0
    
    processors:
      - gomod:
          go.opentelemetry.io/collector/processor/batchprocessor v0.118.0
    
    receivers:
      - gomod:
          github.com/scaleway/opentelemetry-collector-scaleway/receiver/scwaudittrail v0.1.0
    
    providers:
      - gomod: go.opentelemetry.io/collector/confmap/provider/envprovider v1.24.0
      - gomod: go.opentelemetry.io/collector/confmap/provider/fileprovider v1.24.0
      - gomod: go.opentelemetry.io/collector/confmap/provider/httpprovider v1.24.0
      - gomod: go.opentelemetry.io/collector/confmap/provider/httpsprovider v1.24.0
      - gomod: go.opentelemetry.io/collector/confmap/provider/yamlprovider v1.24.0
  3. Run the following command to build the Collector. GOOS and GOARCH are needed in the command as the target deployment is Linux with an AMD64 CPU.

    GOOS=linux GOARCH=amd64 ./ocb --config builder-config.yaml

You now have a new folder named otelcol-audit-trail/ with the binary otelcol-audit-trail compiled inside.

Deploying the Collector

  1. Run the following command to upload the Collector binary to your Instance. Make sure that you replace <INSTANCE_IP_ADDRESS> with the IP address of your Instance.

    scp otelcol-audit-trail/otelcol-audit-trail root@<INSTANCE_IP_ADDRESS>:/usr/local/bin/
  2. Connect to your Instance via SSH:

    ssh root@<INSTANCE_IP_ADDRESS>

Configuring the Collector

Create a file named /etc/opentelemetry-collector/config.yaml and paste the following content into it. This file is the configuration our custom Collector will run.

    receivers:
      scwaudittrail:
        access_key: <SCW_ACCESS_KEY>
        secret_key: <SCW_SECRET_KEY>
        organization_id: <SCW_DEFAULT_ORGANIZATION_ID>
        region: <SCW_DEFAULT_REGION>

    processors:
      batch:
        send_batch_max_size: 1000
        send_batch_size: 100
        timeout: 10s

    exporters:
      datadog:
        idle_conn_timeout: 10s
        api:
          key: <DD_API_KEY>
          site: <DD_SITE>

    service:
      pipelines:
        logs:
          receivers: [scwaudittrail]
          processors: [batch]
          exporters: [datadog]

Make sure that you replace:

  • <SCW_ACCESS_KEY> with your Scaleway API access key
  • <SCW_SECRET_KEY> with your Scaleway API secret key
  • <SCW_DEFAULT_ORGANIZATION_ID> with your Scaleway Organization ID
  • <SCW_DEFAULT_REGION> with the Scaleway region to target
  • <DD_API_KEY> with your DataDog API secret key
  • <DD_SITE> with the DataDog site you are on
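
The configuration above holds two long-lived secrets, and the manifest used to build the Collector compiles in the envprovider, so values can be referenced as ${env:NAME} instead of being written into the file. The script below is an added example, not part of the Scaleway tutorial or the receiver's code: it audits a config for inline secret_key / api key values and for group/other permission bits. The function names, environment variable names and sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Scaleway's code): audit a Collector config before starting it.
# Flags group/other permission bits on the file, and secret_key: / key: values
# written inline instead of referenced as ${env:NAME}.
# Usage: . ./audit.sh; audit_collector_config /etc/opentelemetry-collector/config.yaml

# audit_collector_config FILE -> prints findings; returns 0 if clean, 1 otherwise.
audit_collector_config() {
    cfg=$1
    rc=0
    # Characters 5-10 of the `ls -l` mode string are the group and other bits.
    perms=$(ls -ld "$cfg" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$cfg: accessible beyond owner (group/other bits: $perms)"
        rc=1
    fi
    # Keep only secret-bearing lines whose value is not exactly ${env:NAME}.
    inline=$(grep -nE '^[[:space:]]*(secret_key|key):' "$cfg" |
        grep -vE ':[[:space:]]*"?\$\{env:[A-Za-z_][A-Za-z0-9_]*\}"?[[:space:]]*$') || true
    if [ -n "$inline" ]; then
        # Report line numbers only, so the secret itself never reaches a log.
        echo "$cfg: secret written inline on line(s): $(echo "$inline" | cut -d: -f1 | tr '\n' ' ')"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the tutorial's receiver/exporter keys with every value
# taken from the environment (variable names are assumptions).
write_sample_config() {
    cat > "$1" <<'EOF'
receivers:
  scwaudittrail:
    access_key: ${env:SCW_ACCESS_KEY}
    secret_key: ${env:SCW_SECRET_KEY}
    organization_id: ${env:SCW_DEFAULT_ORGANIZATION_ID}
    region: ${env:SCW_DEFAULT_REGION}
exporters:
  datadog:
    api:
      key: ${env:DD_API_KEY}
      site: ${env:DD_SITE}
EOF
    chmod 600 "$1"
}
```

When the Collector runs under systemd, the referenced variables can be supplied with an EnvironmentFile= line in the [Service] section pointing at a file readable only by the service's user.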

Running the Collector

  1. Create a file named /etc/systemd/system/opentelemetry-collector.service and paste the following content into it. This file defines the systemd service that runs the Collector.

    [Unit]
    Description=OpenTelemetry Collector
    After=multi-user.target
    
    [Service]
    ExecStart=/usr/local/bin/otelcol-audit-trail --config /etc/opentelemetry-collector/config.yaml
    Type=simple
    
    [Install]
    WantedBy=multi-user.target
  2. Run the following command to update systemd services:

    systemctl daemon-reload
  3. Run the following commands to enable and start the service:

    systemctl enable opentelemetry-collector.service
    systemctl start opentelemetry-collector.service
  4. Make sure that the service is running:

    systemctl status opentelemetry-collector.service
  5. Run the command below to view the Collector's logs:

    journalctl -fu opentelemetry-collector.service

    An output similar to the following should display to confirm that the Collector is polling Audit Trail events:

    Feb 07 15:34:30 scw-beautiful-zhukovsky otelcol-audit-trail[1723]: 2025-02-07T15:34:30.687Z        info        scwaudittrail@v0.1.0/receiver.go:80        Polling Audit Trail logs        {"kind": "receiver", "name": "scwaudittrail", "data_type": "logs"}
  6. Optionally, log in to your Datadog account and click Logs in the left-hand side menu. Your logs should display.
