# audit setting
# by default, Scylla does not audit anything.
# It is possible to enable auditing to the following places:
# - audit.audit_log column family by setting the flag to "table"
audit: "syslog"
#
# List of statement categories that should be audited.
audit_categories: "DCL,DDL,AUTH"
#
# List of tables that should be audited.
audit_tables: "mykespace.mytable"
#
# List of keyspaces that should be fully audited.
# All tables in those keyspaces will be audited
audit_keyspaces: "mykespace"
Unfortunately, it looks like you need to explicitly list all tables in there, if you want them audited.
@tzach is there a specific reason we don’t have a catch-all option?
No specific reason.
The assumption was that Audit, as a performance-consuming feature, would be used for specific keyspace and tables.