From c6b01890456db1442868d934e558f41fa8663b33 Mon Sep 17 00:00:00 2001 From: Rachel Elledge Date: Wed, 5 Mar 2025 17:16:41 -0500 Subject: [PATCH] DOC-4860 RS: Added external listener examples to audit connection events --- content/operate/rs/security/audit-events.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/content/operate/rs/security/audit-events.md b/content/operate/rs/security/audit-events.md index 81cb6af2b5..2d3fc5b45a 100644 --- a/content/operate/rs/security/audit-events.md +++ b/content/operate/rs/security/audit-events.md @@ -20,6 +20,12 @@ The following events are tracked: When tracked events are triggered, notifications are sent via TCP to an address and port defined when auditing is enabled. Notifications appear in near real time and are intended to be consumed by an external listener, such as a TCP listener, third-party service, or related utility. +Example external listeners include: + +- [`ncat`](https://nmap.org/ncat/): useful for debugging but not suitable for production environments. + +- Imperva Sonar: a third-party service available for purchase separately from Redis Enterprise Software. See [Redis Onboarding Steps](https://docs.imperva.com/bundle/onboarding-databases-to-sonar-reference-guide/page/Redis-Onboarding-Steps_48368215.html) for more information. + For development and testing environments, notifications can be saved to a local file; however, this is neither supported nor intended for production environments. For performance reasons, auditing is not enabled by default. In addition, auditing occurs in the background (asynchronously) and is non-blocking by design. That is, the action that triggered the notification continues without regard to the status of the notification or the listening tool.