docs: write tutorial to export audit trail to datadog

luxifer · luxifer · commit 0478375a68bc · 2025-02-07T16:36:12.000+01:00
diff --git a/tutorials/export-audit-trail-to-datadog/index.mdx b/tutorials/export-audit-trail-to-datadog/index.mdx
@@ -0,0 +1,167 @@
+---
+meta:
+  title: Export Audit Trail to DataDog
+  description: Learn how to export audit trail events to DataDog
+content:
+  h1: Export Audit Trail to DataDog
+  paragraph: Learn how to export audit trail events to DataDog
+tags: audit-trail log events
+categories:
+  - audit-trail
+  - instances
+dates:
+  validation: 2025-02-06
+  posted: 2025-02-06
+---
+
+This guide will help you exporting audit trail events to DataDog. For that, it will depends on building a [custom OpenTelemetry Collector](https://opentelemetry.io/docs/collector/custom-collector/) that will collect Audit Trail events through the [Audit Trail receiver](https://github.com/scaleway/opentelemetry-collector-scaleway/tree/main/receiver/scwaudittrail) and export them with the [DataDog exporter](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/exporter/datadogexporter).
+
+<Macro id="requirements" />
+
+- A Scaleway account logged into the [console](https://console.scaleway.com)
+- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization
+- An [SSH key](/organizations-and-projects/how-to/create-ssh-key/)
+- An [Instance](/instances/how-to/create-an-instance/)
+
+## Building the collector
+
+The first step is to install the OpenTelemetry Collector Builder by following [this link](https://opentelemetry.io/docs/collector/custom-collector/#step-1---install-the-builder).
+
+Once you have the `ocb` binary, you will create the manifest in YAML to configure the builder. Create a file `builder-config.yaml` with the following content:
+
+```yaml
+dist:
+  name: otelcol-audit-trail
+  description: OpenTelemetry Collector for Audit Trail
+  output_path: ./otelcol-audit-trail
+
+exporters:
+  - gomod:
+      github.com/open-telemetry/opentelemetry-collector-contrib/exporter/datadogexporter v0.118.0
+
+processors:
+  - gomod:
+      go.opentelemetry.io/collector/processor/batchprocessor v0.118.0
+
+receivers:
+  - gomod:
+      github.com/scaleway/opentelemetry-collector-scaleway/receiver/scwaudittrail v0.1.0
+
+providers:
+  - gomod: go.opentelemetry.io/collector/confmap/provider/envprovider v1.24.0
+  - gomod: go.opentelemetry.io/collector/confmap/provider/fileprovider v1.24.0
+  - gomod: go.opentelemetry.io/collector/confmap/provider/httpprovider v1.24.0
+  - gomod: go.opentelemetry.io/collector/confmap/provider/httpsprovider v1.24.0
+  - gomod: go.opentelemetry.io/collector/confmap/provider/yamlprovider v1.24.0
+```
+
+Then you can build the collector by running the following command:
+
+```
+./ocb --config builder-config.yaml
+```
+
+You will have a new folder named `otelcol-audit-trail/` with the binary compiled inside named `otelcol-audit-trail`.
+
+## Deploying the collector
+
+The next thing to do is to upload the collector binary to your instance:
+
+```
+scp otelcol-audit-trail/otelcol-audit-trail root@<IP ADDRESS>:/usr/local/bin/
+```
+
+The remaining of the tutoial will happen inside the instance, you need to ssh to it.
+
+```
+ssh root@<IP ADDRESS>
+```
+
+## Configure the collector
+
+The custom collector we just build needs a configuration to run. Create the file `/etc/opentelemetry-collector/config.yaml` with the following content:
+
+```yaml
+receivers:
+  scwaudittrail:
+    access_key: <SCW_ACCESS_KEY>
+    secret_key: <SCW_SECRET_KEY>
+    organization_id: <SCW_DEFAULT_ORGANIZATION_ID>
+    region: <SCW_DEFAULT_REGION>
+
+processors:
+  batch:
+    send_batch_max_size: 1000
+    send_batch_size: 100
+    timeout: 10s
+
+exporters:
+  datadog:
+    idle_conn_timeout: 10s
+    api:
+      key: <DD_API_KEY>
+      site: <DD_SITE>
+
+service:
+  pipelines:
+    logs:
+      receivers: [scwaudittrail]
+      processors: [batch]
+      exporters: [datadog]
+```
+
+Be sure to replace the following variables:
+- SCW_ACCESS_KEY: Scaleway API access key
+- SCW_SECRET_KEY: Scaleway API secret key
+- SCW_DEFAULT_ORGANIZATION_ID: Scaleway organization ID
+- SCW_DEFAULT_REGION: Scaleway region
+- DD_API_KEY: DataDog API key
+- DD_SITE: DataDog site (see documentation in [DataDog site](https://docs.datadoghq.com/getting_started/site/#access-the-datadog-site))
+
+## Running the collector
+
+Create the systemd service that will run the collector by creating the file `/etc/systemd/system/opentelemetry-collector.service` with the following content:
+
+```
+[Unit]
+Description=OpenTelemetry Collector
+After=multi-user.target
+
+[Service]
+ExecStart=/usr/local/bin/otelcol-audit-trail --config /etc/opentelemetry-collector/config.yaml
+Type=simple
+
+[Install]
+WantedBy=multi-user.target
+```
+
+Run the following command to update systemd services:
+
+```
+systemctl daemon-reload
+```
+
+Then you can enable and start the service by running:
+
+```
+systemctl enable opentelemetry-collector.service
+systemctl start opentelemetry-collector.service
+```
+
+You can ensure the service is running with the command:
+
+```
+systemctl status opentelemetry-collector.service
+```
+
+And you can follow the logs with the command
+
+```
+journalctl -fu opentelemetry-collector.service
+```
+
+To confirm that the collector is polling Audit Trail events you should see something like this in the logs:
+
+```
+Feb 07 15:34:30 scw-beautiful-zhukovsky otelcol-audit-trail[1723]: 2025-02-07T15:34:30.687Z        info        scwaudittrail@v0.1.0/receiver.go:80        Polling Audit Trail logs        {"kind": "receiver", "name": "scwaudittrail", "data_type": "logs"}
+```
