Ask a Question
Back to All

Considerations when using SEQ as AuditLog

We have been considering the Pros and Cons of using SEQ as the repository for our AuditLog. I have read a few questions in this forum (eg. This and This ). However I still have a few questions:

What's the difference between WriteTo and AuditTo?
Assuming that the SEQ server and the connection to the SEQ server doesn't go down - I would guess that WriteTo still maintains the same sequence of events as AuditTo? Or that this problem could be solved using a timestamp generated in the client code? As far as I have understood this - just using WriteTo and not generating the 'auditing timestamp' - but relying on the SEQ server timestamp will actually be a problem for the sequence?

Is there a difference with exceptions, when using WriteTo and AuditTo?
In one of the previous post - answers you wrote:

AuditTo has the advantage of logging synchronously and propagating any exceptions, > but of course comes with a corresponding performance cost. You could use a second
server and WriteTo if guaranteed audit logging isn't a strict requirement.
Could you try and explain this in a bit more detail?

Is performance good enough?
When sending both regular 'warnings and errors' to SEQ the number should be pretty low, but including an audit trail for each user severily increases the number of events sent to SEQ. Do you have a kind of 'formula' to use when trying to estimate disc usage and other HW specs? The reason I'm asking is that it could be a requirement to keep this kind of data between 1-5 years and I'm kind of worried that disc space especially could be an issue - because the auditlog cannot be deleted and it should also still be searchable.

Could you perhaps add a seperate documentation section about using SEQ as AuditLog?
SEQ has many advantages and I'm assuming that we are not the first ones considering to use SEQ as a audit log repo - it might be worth it to keep a seperate link on the documentation page about this. Just describing those 'special concerns' that needs to be thought about when using SEQ for this fairly important log.