NavigationContentFooter
Jump toSuggest an edit
Was this page helpful?

Exporting Audit Trail events to DataDog

Reviewed on 10 February 2025Published on 10 February 2025
  • audit-trail
  • log
  • events

This tutorial shows you how to export your Audit Trail events to DataDog. For the purpose of this tutorail, we are building a custom OpenTelemetry Collector to collect Audit Trail events through the Audit Trail receiver and export them with the DataDog exporter.

Before you startLink to this anchor

To complete the actions presented below, you must have:

  • A Scaleway account logged into the console
  • Owner status or IAM permissions allowing you to perform actions in the intended Organization
  • Created an SSH key
  • Created a Scaleway Instance
  • Installed the OpenTelemetry collector builder
  • Created a Datadog account and a Datadog API key

Building the OpenTelemetry collectorLink to this anchor

  1. Open a terminal and check that the ocb binary is ready to be used. The output of the help command should display, meaning the ocb binary is ready to be used.

    ./ocb help

  2. Create a manifest file named builder-config.yaml and paste the following content into it. This file is used to defines code generation, the compile process, and the components to include in your Collector’s distribution.

    dist:
      name: otelcol-audit-trail
      description: OpenTelemetry Collector for Audit Trail
      output_path: ./otelcol-audit-trail
    exporters:
      - gomod:
          github.com/open-telemetry/opentelemetry-collector-contrib/exporter/datadogexporter v0.118.0
    processors:
      - gomod:
          go.opentelemetry.io/collector/processor/batchprocessor v0.118.0
    receivers:
      - gomod:
          github.com/scaleway/opentelemetry-collector-scaleway/receiver/scwaudittrail v0.1.0
    providers:
      - gomod: go.opentelemetry.io/collector/confmap/provider/envprovider v1.24.0
      - gomod: go.opentelemetry.io/collector/confmap/provider/fileprovider v1.24.0
      - gomod: go.opentelemetry.io/collector/confmap/provider/httpprovider v1.24.0
      - gomod: go.opentelemetry.io/collector/confmap/provider/httpsprovider v1.24.0
      - gomod: go.opentelemetry.io/collector/confmap/provider/yamlprovider v1.24.0

  3. Run the following command to build the Collector. GOOS and GOARCH are needed in the command as the target deployment is Linux with an AMD64 CPU.

    GOOS=linux GOARCH=amd64 ./ocb --config builder-config.yaml

You now have a new folder named otelcol-audit-trail/ with the binary otelcol-audit-trail compiled inside.

Deploying the CollectorLink to this anchor

  1. Run the following command to upload the Collector binary to your Instance. Make sure that you replace <INSTANCE_IP_ADDRESS> with the IP address of your Instance.

    scp otelcol-audit-trail/otelcol-audit-trail root@<INSTANCE_IP_ADDRESS>:/usr/local/bin/

  2. Connect to your Instance via SSH:

    ssh root@<INSTANCE_IP_ADDRESS>

Configuring the CollectorLink to this anchor

Create a file named /etc/opentelemetry-collector/config.yaml and paste the following content into it. This file is the configuration our custom Collector will run.

receivers:
  scwaudittrail:
    access_key: <SCW_ACCESS_KEY>
    secret_key: <SCW_SECRET_KEY>
    organization_id: <SCW_DEFAULT_ORGANIZATION_ID>
    region: <SCW_DEFAULT_REGION>
processors:
  batch:
    send_batch_max_size: 1000
    send_batch_size: 100
    timeout: 10s
exporters:
  datadog:
    idle_conn_timeout: 10s
    api:
      key: <DD_API_KEY>
      site: <DD_SITE>
service:
  pipelines:
    logs:
      receivers: [scwaudittrail]
      processors: [batch]
      exporters: [datadog]

Make sure that you replace:

  • <SCW_ACCESS_KEY> with your Scaleway API access key
  • <SCW_SECRET_KEY> with your Scaleway API secret key
  • <SCW_DEFAULT_ORGANIZATION_ID> with your Scaleway Organization ID
  • <SCW_DEFAULT_REGION> with the Scaleway region to target
  • <DD_API_KEY> with your DataDog API secret key
  • <DD_SITE> with the DataDog site you are on

Running the CollectorLink to this anchor

  1. Create a file named /etc/systemd/system/opentelemetry-collector.service and paste the following content into it. This file will create the systemd service that runs the Collector.

    [Unit]
    Description=OpenTelemetry Collector
    After=multi-user.target
    [Service]
    ExecStart=/usr/local/bin/otelcol-audit-trail --config /etc/opentelemetry-collector/config.yaml
    Type=simple
    [Install]
    WantedBy=multi-user.target

  2. Run the following command to update systemd services:

    systemctl daemon-reload

  3. Run the following commands to enable and start the service:

    systemctl enable opentelemetry-collector.service
    systemctl start opentelemetry-collector.service

  4. Make sure that the service is running:

    systemctl status opentelemetry-collector.service

  5. Run the command below to visualize your logs:

    journalctl -fu opentelemetry-collector.service

    An output similar to the following should display to confirm that the Collector is polling Audit Trail events:

    Feb 07 15:34:30 scw-beautiful-zhukovsky otelcol-audit-trail[1723]: 2025-02-07T15:34:30.687Z        info        scwaudittrail@v0.1.0/receiver.go:80        Polling Audit Trail logs        {"kind": "receiver", "name": "scwaudittrail", "data_type": "logs"}

  6. Optionally, log in to your Datadog account and click Logs in the left hand side menu. Your logs should display.

Was this page helpful?
API DocsScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCareers
© 2023-2025 – Scaleway