Skip to main content

Decision Logs

Decision logs are records of the decisions performed by Aserto authorizers that are collected into a central location by the Aserto Control Plane. Both hosted and sidecar authorizers can generate decision logs for policies that have them enabled.

Decision logs can be accessed through the Aserto API and the Aserto CLI. Both of these methods support downloading data as storage objects as well as a near-real-time data stream.

Storage objects hold decision log data for an extended period of time, are not real-time, and are immutable. They can be used to efficiently feed analytics systems such as Elasticsearch.

Data streams hold data for a short period of time, are near real-time and can be used to feed into data streaming systems or to build applications that require up-to-the-minute data.

Decision logs can be configured and accessed in several ways:

  • Console: GUI for enabling, disabling and viewing decision logs
  • API: find and retrieve decision log data
  • CLI: automate decision logs data retrieval