Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.draskencloud.com/llms.txt

Use this file to discover all available pages before exploring further.

Nexus maintains a structured audit log of all requests. By default, audit records are stored in the database. Configure forwarders to ship them to external systems.

Enable Audit Logging

Audit logging is always-on. Configure forwarders to send records externally: 
GATEWAY_AUDIT__BUFFER_SIZE=10000
GATEWAY_AUDIT__BATCH_SIZE=500
GATEWAY_AUDIT__FLUSH_INTERVAL_MS=5000
GATEWAY_AUDIT__RETRY_MAX_ATTEMPTS=3

Query Audit Logs

curl http://localhost:9090/api/v1/audit \
  -H "Authorization: Bearer YOUR_ADMIN_TOKEN"

Forwarder Types

File

[[audit.forwarders]]
name = "file"
type = "file"
enabled = true
path = "logs/audit.jsonl"
max_mb = 200
max_days = 30
compress = false
event_types = []  # empty = all event types

Webhook / SIEM

[[audit.forwarders]]
name = "siem"
type = "webhook"
enabled = true
url = "https://siem.example.com/ingest"
timeout_secs = 10
event_types = ["security", "auth_failure"]

[audit.forwarders.headers]
Authorization = "Bearer siem-token"

PostgreSQL

[[audit.forwarders]]
name = "postgres"
type = "postgres"
enabled = true
event_types = []
batch_size = 500
flush_interval_ms = 5000

Logging Pipeline

Enable request/response logging in addition to audit: 
GATEWAY_LOGGING__ENABLED=true
GATEWAY_LOGGING__SLOW_REQUEST_THRESHOLD_MS=1000  # log slow requests

Log Types

TypeVariableDefault
Access logsGATEWAY_LOGGING__TYPES__ACCESStrue
Audit logsGATEWAY_LOGGING__TYPES__AUDITtrue
Error logsGATEWAY_LOGGING__TYPES__ERRORtrue
Security eventsGATEWAY_LOGGING__TYPES__SECURITYtrue
Policy eventsGATEWAY_LOGGING__TYPES__POLICYtrue
Health checksGATEWAY_LOGGING__TYPES__HEALTHtrue
Cache eventsGATEWAY_LOGGING__TYPES__CACHEfalse
Slow requestsGATEWAY_LOGGING__TYPES__SLOW_REQUESTtrue

Dead Letter

When forwarding fails after all retries, records are written to the dead-letter file: 
GATEWAY_AUDIT__DEAD_LETTER_PATH=logs/audit_dead_letter.jsonl