Audit Logs

migVisor employs audit logging to detect unauthorized activities and provide accountability for migVisor personnel. Audit logs capture details about system configuration changes and access events, with details to identify who was responsible for the activity, when and where the activity took place, and what the outcome of the activity was.

AWS

Management events are configured to log management operations observed on AWS resources.

Data events are configured on required AWS resources used by migVisor.

VPC Flow Logs, Route53 Query Logs, S3 Server Access Logging, and ELB Access Logs are used to capture audit-level information.

API calls for management and data events are captured by CloudTrail.

migVisor public API calls are stored in Amazon DynamoDB.

migVisor applications logs are captured by Amazon CloudWatch and include session-level information.

Azure

System events are configured to log system operations observed on Azure resources.

Data events are configured on required Azure resources used by migVisor.

migVisor public API calls are stored in the application log.

migVisor applications logs are captured by Azure Log Analytics service and include session-level information.

GCP

System Event audit logs are configured to log system operations generated by Google systems.

Admin Activity audit logs are configured to capture API calls invoked on GCP resources.

System Event and Admin Activity audit logs are written continuously and can’t be disabled.

Data Access audit logs are configured for required GCP resources used by migVisor.

VPC Flow Logs and Cloud DNS query logs are used to capture audit-level information.

migVisor public API calls are stored in Firestore.

migVisor applications logs are captured by GCP Logging service and include session-level information.

All logs are stored for periods between 1 and 2 years, depending on the nature of the data and type of usage.