Skip to main content

Export Decision and User Activity Logs

The Decision and User Activity exporting feature allow you to send your decision and activity logs to external data sources. When this data is exported from DAS, it can be analyzed or sent elsewhere for further processing.

note

This feature is supported for WORKSPACE-level users only.

Operations

The Decision and User Activity exporting feature is located under the WORKSPACE >> Settings pane. Use the Decision Export or User Activity Export to perform the following operations:

Export Registry Types

To export a registry type:

  1. In the Styra DAS GUI, navigate to WORKSPACE >> Settings >> Decision Export Target or User Activity Export Target pane.

  2. Click the drop down list under Decision Export Target or User Activity Export Target and select of the one following registry type.

Amazon S3

DAS exports a copy of its user activities to an Amazon S3 bucket.

  • Region (required): A string representing the AWS region. Select one of the regions from AWS service Endpoints page. For example, us-east-1.

  • Bucket Name (and Path) (required): A string representing the bucket name. Enter the bucket name and a path within that bucket. For example, amazon-s3-bucket-testing. For more information on how to setup an AWS user and an Amazon S3 bucket for secure Styra DAS S3 access, see the Amazon S3 Bucket Access page.

  • Endpoint: A gateway endpoint. For more information, see the Amazon S3 Endpoints page.

  • Access Key ID (required): Enter the access key ID. For more information, see the AWS IAM User Access Keys page.

  • Secret Access Key (required): A Styra DAS secret is required if you are using an Amazon S3 bucket within your own AWS account.

  • Export Interval: Set the time interval between 30 seconds to 1 hour.

Google Cloud Storage

Styra DAS exports a copy of its user activities to a GCS bucket.

  • Region (required): A string representing the AWS region. Select one of the regions from Google Cloud Storage Endpoints page. For example, us-east-1.

  • Bucket Name (and Path) (required): A string representing the bucket name. Enter the bucket name and a path within that bucket. For example, gcs-bucket-testing.

  • Endpoint: A gateway endpoint. For more information, see the Google Cloud Storage Endpoints page.

  • Access Key ID (required): Enter the access key ID. For more information, see the hash-based message authentication code keys page.

  • Secret Access Key (required): This DAS secret is required if you are using a Google Cloud Storage bucket within your own Google Cloud Storage account.

  • Export Interval: Set the time interval between 30 seconds to 1 hour.

Azure Blob Storage

DAS exports a copy of its user activities to an Azure Blob Storage container.

  • Container Name and Path: A string representing the bucket name. Enter the bucket name and a path within that bucket. For example, azureblobstorage-bucket-testing.

  • Endpoint: A gateway endpoint. For more information, see the Azure Endpoints page.

  • Account Name: A string representing the Azure blob storage account name. Create an Azure Blob Storage Account.

  • Access Key or SAS Token: Enter the access key ID. For more information, see the Azure storage account keys page.

  • Export Interval: Set the time interval between 30 seconds to 1 hour.

Kafka

DAS exports a copy of its user activities to Kafka.

  • Brokers: Enter one or more Kafka brokers.

  • Topic: Enter a Kafka topic. For example, test-topic.

  • Required Acks: Select WaitForAll or WaitForLocal from the drop down list.

  • Security Protocol: Select PLAINTEXT, SASL-TLS, or TLS from the drop down list.

  • Authentication: Fill the details for PLAINTEXT, SASL, or TLS from the drop down list.

  • Kafka PLAIN

    • Username: Enter a username.
    • Password: Enter a password.
  • Kafka SASL

    • SASL Mechanism: Select PLAIN, SCRAM-SHA-256, or SCRAM-SHA-512 from the drop down list.
    • Username: Enter a username.
    • Password: Enter a password.
    • SASL Version: SASL version default is 1. Set to 0 for Azure Event Hub).
  • Kafka TLS

    • RootCA: Enter the root certificate.
    • Client Certificate: Enter the client certificate.
    • Client Key: Enter the client key.
    • Insecure Skip Verify: Skip server certificate chain and host verification. Default: false.
  • Advanced Settings

    • Version: Enter the Kafka version. For example, 2.0.0.
    • Compression: Select None, GZIP, SNAPPY, LZ4, or ZSTD from the drop down list.
    • Max Retries: Enter the maximum number of retries. For example, 3.
    • Max Message Size: Enter the maximum message size in bytes. For example, 1000000.
    • Timeout: Enter the message timeout duration. For example, 10s.
    • Idempotent: Enable or Disable Kafka idempotent exactly-once reliability semantics using the toggle switch.

Export Interval

To set export interval:

Set the Export Interval drop down to a time interval between 30 seconds to 1 hour. This shows the time between exports which are configured based on the size and magnitude of decision or user activity log.

Remove Export Configuration

To remove the existing export configuration:

  1. Click the drop down menu from the Decision Export Target or User Activity Export Target pane.

  2. Select None and click Save changes button.

Now, the existing export configuration is deleted. All saved export information will be removed from the DAS and deleted.

caution

Saving changes will overwrite previous User Activity Export settings.

View Export Status

To view the decision export or user activity export status, hover over User Activity Export to see for success or for failure.

Reset Export Configuration

To reset the current export configuration:

  1. Click the drop down menu from the Decision Export Target or User Activity Export Target pane.

  2. Click the Reset button.

Now, the Reset button clears all the current parameters of the registry. All configuration information saved in the DAS is not deleted, until you click the Save changes.