Comparing management and data event logs
Audit Trails audit logs may contain two types of events: management events and data events. You can specify the types of events to collect, destination object, audit log collection scopes, and other settings when creating or modifying a trail.
Management events
Management events include actions performed to configure Yandex Cloud resources. By default, Audit Trails logs management events for all supported services in your Yandex Cloud account.
Events related to actions such as creating, updating, or deleting infrastructure components, users, or policies belong to this type of events. For instance, creating an instance group, creating a federation in Cloud Organization, or deleting a database cluster are all management events.
Management events are logged if the trail settings enable the collection of management events and an audit log collection scope is specified.
Data events
Data events include updates and actions related to data and resources within Yandex Cloud services. By default, Audit Trails does not log data events. You need to enable collection of data event audit logs and customize the collection scope in the trail settings individually for each supported service.
Data events can be logged for the following services:
- Yandex Certificate Manager
- Yandex Cloud DNS
- Yandex Compute Cloud
- Yandex Identity and Access Management
- Yandex Key Management Service
- Yandex Lockbox
- Yandex Managed Service for ClickHouse®
- Yandex Managed Service for Kubernetes
- Yandex Managed Service for MongoDB
- Yandex Managed Service for MySQL®
- Yandex Managed Service for PostgreSQL
- Yandex Managed Service for Valkey™
- Yandex Object Storage
- Yandex Security Deck
- Yandex SpeechSense
- Yandex Smart Web Security
- Yandex Wiki
- Yandex WebSQL