Kafka Audit Logs

The following section documents environment variables for configuring MinIO AIStor to publish audit logs to a Kafka broker.

The top-level configuration key for defining a Kafka broker target for publishing MinIO AIStor audit logs.

export MINIO_AUDIT_KAFKA_BROKERS="https://kafka-endpoint.example.net:9092"

mc admin config set audit_kafka \
   brokers="https://kafka-endpoint.example.net:9092" [ARGUMENTS=VALUE ...]

Set to “on” to enable the target. Set to “off” to disable the target.

A comma-separated list of Kafka broker addresses.

The name of the Kafka topic to associate to MinIO AIStor audit log events.

Set to “on” to enable TLS connectivity to the specified Kafka brokers. Defaults to “off”.

Set to “on” to direct MinIO AIStor to skip verification of the Kafka broker TLS certificates.

Set to “on” to direct MinIO AIStor to use SASL to authenticate against the Kafka brokers.

The SASL username MinIO AIStor uses for authentication against the Kafka brokers.

The SASL password MinIO AIStor uses for authentication against the Kafka brokers.

The SASL mechanism MinIO AIStor uses for authentication against the Kafka brokers. Defaults to plain.

Set to “on” to direct MinIO AIStor to use mTLS to authenticate against the Kafka brokers.

The path to the TLS client certificate to use for mTLS authentication.

The path to the TLS client private key to use for mTLS authentication.

The version of the Kafka broker MinIO AIStor expects at the specified endpoints.

The maximum number of times MinIO AIStor retries sending a failed event. Defaults to 5.

The time in seconds MinIO AIStor waits between retrying a failed event. Defaults to 1 second.

A comment to associate with the configuration.

Specify the directory path to enable MinIO AIStor’s persistent event store for undelivered messages, such as /opt/minio/events.

Specify the maximum limit for undelivered messages. Defaults to 100000.