EPIC: Semantic Conventions for Audit Logs

[hilmarf]

Establish and implement standardized semantic conventions for audit log events to ensure consistency, interoperability, and machine-readability across the audit logging system.

MVP:

• Add at least one flag (or attribute), which marks a log message as audit relevant.

Goals:

• Define domain-specific attributes for audit events (actor, action, resource, outcome, reason)
• Align with OpenTelemetry semantic conventions where applicable
• Create a versioned schema for audit log attributes

Acceptance Criteria:

• Document semantic conventions for audit events including required and optional attributes
• Create examples and templates for common audit event types (authentication, authorization, data access, configuration changes)

Technical Considerations:

• Use OpenTelemetry attributes namespace (e.g., audit.actor.id, audit.resource.type)
• Support both span attributes and log record attributes
• Consider correlation with existing OTEL semantic conventions for HTTP, database, and service operations