Yandex Audit Trails event reference
Audit Trails supports tracking control plane (management) and data plane (data) events for Yandex BareMetal.
The general format of the event_type field value is as follows:
yandex.cloud.audit.baremetal.<event_name>
You can find the detailed JSON structure of the event record in the audit log reference. The events in it are sorted alphabetically without division into levels and contain all possible fields. In real logs, the field set depends on the parameters of the event and particular object.
Management event reference
| Event name | Description |
|---|---|
ApplyUpdatePrivateCloudConnection |
Applying updates to a private connection to subnets in a VPC or on-prem infrastructure |
BatchCreateServer |
Renting several BareMetal servers at the same time |
CreateImage |
Creating a boot image |
CreatePrivateCloudConnection |
Creating a private connection to subnets in a VPC or on-prem infrastructure |
CreatePrivateSubnet |
Creating a private subnet |
CreatePublicPrefixPool |
Creating a public prefix pool |
CreatePublicSubnet |
Creating a public subnet |
CreateServer |
BareMetal server rent |
CreateVRF |
Creating a virtual network segment (VRF) |
DeleteImage |
Deleting a boot image |
DeletePrivateCloudConnection |
Deleting a private connection to subnets in a VPC or on-prem infrastructure |
DeletePrivateSubnet |
Deleting a private subnet |
DeletePublicPrefixPool |
Deleting a public prefix pool |
DeletePublicSubnet |
Deleting a public subnet |
DeleteServer |
Completely removing the BareMetal server, wiping disks and all user data |
DeleteVRF |
Deleting a virtual network segment (VRF) |
PowerOffServer |
Powering off a BareMetal server |
PowerOnServer |
Powering on a BareMetal server |
RebootServer |
Restarting a BareMetal server |
RegisterServerBackupAgent |
Registering a Yandex Cloud Backup agent on a BareMetal server |
ReinstallServer |
Reinstalling a BareMetal server OS |
StartServerProlongation |
Enabling auto-renewal of BareMetal server lease |
StopServerProlongation |
Disabling auto-renewal of BareMetal server rent |
UpdateImage |
Updating a boot image |
UpdatePrivateCloudConnection |
Updating a private connection to subnets in a VPC or on-prem infrastructure |
UpdatePrivateSubnet |
Updating a private subnet |
UpdatePublicPrefixPool |
Updating a public prefix pool |
UpdatePublicSubnet |
Updating a public subnet |
UpdateServer |
Updating a BareMetal server |
UpdateVRF |
Updating a virtual network segment (VRF) |
Data event reference
| Event name | Description |
|---|---|
flowlogs.ExternalFlow |
Traffic flow from BareMetal servers to external networks |
flowlogs.ExternalFlow event
The flowlogs.ExternalFlow event contains aggregate information about BareMetal server traffic streams to external networks.
Warning
ExternalFlow events are sampled from every 1,000th packet and aggregated for a five-minute interval.
The details object of a flowlogs.ExternalFlow event contains the following fields:
|
Field |
Type |
Description |
|
|
int64 |
IP version: |
|
|
int64 |
Transport protocol IANA number, e.g., |
|
|
string |
Source IP address |
|
|
string |
Destination IP address |
|
|
string |
Traffic direction, with |
|
|
int64 |
Source port |
|
|
int64 |
Destination port |
|
|
timestamp |
Aggregation period start time in RFC 3339 format |
|
|
timestamp |
Aggregation period end time in RFC 3339 format |
|
|
int64 |
Number of packets for the aggregation period |
|
|
int64 |
Number of bytes for the aggregation period |
|
|
string |
TCP flags in hex format, e.g., |
|
|
string |
Subnet ID |
|
|
string |
Folder ID |