
Cloud logging and monitoring

Atlan exports IAM service event logs in OpenTelemetry Protocol (OTLP) format and securely delivers them to your organization's Amazon S3, Google Cloud Storage (GCS), or Azure Blob Storage bucket. From there, the logs can be integrated with security information and event management (SIEM) systems for security monitoring and alerting.

Log format

The OTLP format ensures seamless integration with SIEM systems. Logs are organized by date and event type, stored in compressed gzip format in your organization's preferred object storage (S3, GCS, or Azure Blob Storage). Log storage structure varies by cloud provider—see the provider-specific setup guides for details.

JSON schema

The JSON file structure follows the OTLP specification:

{
  "resourceLogs": [
    {
      "resource": {
        "attributes": []
      },
      "scopeLogs": [
        {
          "scope": {},
          "logRecords": [
            {
              "timeUnixNano": "1725861538220747913",
              "observedTimeUnixNano": "1726071786185095727",
              "body": {
                "stringValue": "//redacted logline"
              },
              "traceId": "",
              "spanId": ""
            }
          ]
        }
      ]
    }
  ]
}
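The following is an added example, not code from Atlan: one way to flatten a delivered object into per-record events before forwarding them to a SIEM, including the gap between event time and observed time. It assumes each object is a single gzip-compressed JSON document (falling back to one document per line); the function names and output field names are hypothetical.

```python
import gzip
import json
from datetime import datetime, timezone

NS_PER_SECOND = 1_000_000_000


def ns_to_utc(ns_value):
    """Convert an OTLP nanosecond timestamp (string or int) to an aware UTC datetime."""
    seconds, nanos = divmod(int(ns_value), NS_PER_SECOND)
    # Integer split avoids float rounding on 19-digit values; datetime keeps microseconds.
    return datetime.fromtimestamp(seconds, tz=timezone.utc).replace(microsecond=nanos // 1000)


def flatten_otlp(gz_bytes):
    """Return one flat dict per logRecord found in a gzip-compressed OTLP JSON object."""
    text = gzip.decompress(gz_bytes).decode("utf-8")
    try:
        docs = [json.loads(text)]  # assumption: one JSON document per object
    except json.JSONDecodeError:
        docs = [json.loads(line) for line in text.splitlines() if line.strip()]
    events = []
    for doc in docs:
        for resource_log in doc.get("resourceLogs", []):
            for scope_log in resource_log.get("scopeLogs", []):
                for record in scope_log.get("logRecords", []):
                    event_ns = int(record.get("timeUnixNano") or 0)
                    seen_ns = int(record.get("observedTimeUnixNano") or 0)
                    events.append({
                        "event_time": ns_to_utc(event_ns).isoformat(),
                        "observed_time": ns_to_utc(seen_ns).isoformat(),
                        # Seconds between the event and its collection.
                        "lag_seconds": (seen_ns - event_ns) // NS_PER_SECOND,
                        "message": (record.get("body") or {}).get("stringValue", ""),
                    })
    return events


# Constructed sample: the schema shown above, gzip-compressed as the page describes.
SAMPLE = gzip.compress(json.dumps({"resourceLogs": [{"resource": {"attributes": []}, "scopeLogs": [
    {"scope": {}, "logRecords": [{"timeUnixNano": "1725861538220747913",
                                  "observedTimeUnixNano": "1726071786185095727",
                                  "body": {"stringValue": "//redacted logline"},
                                  "traceId": "", "spanId": ""}]}]}]}).encode("utf-8"))

if __name__ == "__main__":
    for event in flatten_otlp(SAMPLE):
        print(event)
```

Tracking `lag_seconds` alongside the bucket object's arrival time gives a measured detection latency to compare against the delivery timing for your cloud provider.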

Secure delivery

Logs are encrypted in transit and at rest, with mechanisms to validate data integrity.

Log delivery timing

Delivery timing varies by cloud provider:

| Cloud Provider | Initial Delivery | Replication to Customer | Details |
|---|---|---|---|
| AWS S3 | ~10 seconds | ~15 minutes | Continuous replication, no delays |
| GCP Cloud Storage | Several hours | Several hours | Hourly processing for Cloud Storage destinations |
| GCP other destinations | Real-time | Real-time | Non-Cloud Storage destinations processed in real time |
| Azure Blob Storage | Near real-time | Continuous | Asynchronous replication through object replication policies |

Customer access

Logs are available through S3, GCS, or Blob Storage for monitoring and alerting. Once replicated to your destination, logs remain available for querying, archiving, and integration with SIEM systems.
