Skip to main content
Version: 8.9 (unreleased)

Configure the audit log

Configure the audit log in Camunda 8 Self-Managed.

Configure recorded operations

The audit log is an important feature with which you can meet regulatory requirements and maintain operational integrity by accessing a record of operations. These records include who performed the operations, when, and on which entities.

The audit log is enabled by default, and the storage it requires may result in increased costs. To mitigate these resource costs, only user operations are tracked by default, not client operations.

To change the default behavior in Camunda 8 Self-Managed, such as to disable the audit log or configure recorded operations, you must configure your deployment:

camunda:
  data:
    audit-log:
      enabled: true
      user:
        categories: [DEPLOYED_RESOURCES, USER_TASKS, ADMIN] # User operations are recorded by default
      client:
        categories: [DEPLOYED_RESOURCES, USER_TASKS, ADMIN] # You must opt in to client operations

See all configuration options to learn more.

If you disable the audit log, new operations are no longer recorded. Changing this setting doesn't cause the existing audit log data to be immediately purged. Instead, it will be cleaned up according to the secondary storage retention settings. Until the data is cleaned up, you can continue to access the data in Operate, Tasklist, Identity, and the Search API.

Configure secondary storage retention

With Camunda 8 Self-Managed, you control the secondary storage retention policy, which applies to audit log records:

camunda:
  data:
    secondary-storage:
      retention:
        enabled: true
        minimum-age: 30d