Package Security Manager can be configured to automatically generate and export a list of events from the system to external storage, such as an Amazon Web Services (AWS) Simple Storage Service (S3) bucket, or to a valid network storage location.

Anaconda records the following events for export, organized by type:

To establish a background job to generate and export a chronological recording of events that have occurred within the system:

  1. Open a terminal and connect to your instance of Package Security Manager.

  2. Open your installer directory, where the docker-compose.yml file is located, by running the command:

    # Replace <INSTALLER> with the name of your installer directory
cd <INSTALLER>.

  3. Open your docker-compose.yml file using your preferred file editor.

  4. Find the repo_worker: section of the file.

  5. Add the following variables to the repo_worker: environment: section:

    VariableDescription
    REPO_ENABLE_GENERATE_AUDIT_REPORTS=trueRequired. Enables the background job to operate.
    REPO_SCHEDULE_AUDIT_REPORT_CRON=<CRON>Required. Sets the frequency of the job. Replace <CRON> with a valid CRON expression.
    REPO_AUDIT_REPORT_FS=<PARENT_DIRECTORY>Required. Replace <PARENT_DIRECTORY> with an S3 bucket location or a valid file directory path, like file://{BASE_PATH}/statedir/audit-logs
    REPO_AUDIT_REPORT_DOWNLOAD_AS=<FORMAT>Optional. Can set the output for the report as either csv or json. If this value is not provided, the report will default to csv format.
    REPO_CONFIGURE_AUDIT_EVENT_TYPES=<TYPE>,<TYPE>Optional. Specifies that the job only generates and exports these value types in the report. Replace <TYPE> with event types as described above. Separate types with a comma. You can include as many event types as you require. If this variable is not provided, you will generate a report for all events.
    REPO_AUDIT_REPORT_FS_KMS_ID=<KMS_ID>As necessary. Replace <KMS_ID> with your S3 bucket KMS ID, if it has one.

  6. Restart the repo_worker container by running the following command:

    docker compose up --detach

If you are using the REPO_CONFIGURE_AUDIT_EVENT_TYPES= variable, the report will include the artifact_downloaded events even if you do not include it.