Prioritized Log Streams Explained

Overview

This article explains the use cases for Prioritized Log Streams and how this feature functions. It details how the feature highlights security events, especially during high-traffic situations like a Distributed Denial of Service (DDoS) attack.

Applies To

  • Log Streams
  • Prioritized Log Stream

Solution

Additional details about Prioritized Log Streams can be found below:

  • Prioritized Log Streams are a feature designed to highlight security events within a tenant.
  • During a Distributed Denial of Service (DDoS)-style attack or a period of substantially increased user activity, a Prioritized Log Stream ensures that events of predefined log types are sent with priority. This helps mitigate the impact on downstream security automation, monitoring, and processes that rely on reviewing the log stream in a timely manner.
  • It is a Log Stream focused solely on security-related events that allows for viewing log events closer to real-time during high-traffic scenarios. For example, during a DDoS attack, a standard Log Stream may experience delays, making it harder to analyze attack patterns. A Prioritized Log Stream remains active and sends only security-related events to aid in identifying patterns more quickly.
  • Prioritized Log Streams send only a subset of events: those related to attack protection feature alerts or potential Short Message Service (SMS) pumping events. These are listed in the Prioritized Log Stream Event Types documentation.
  • If a standard Log Stream is also enabled on the tenant, it will still send these log events by default. However, the standard Log Stream can be configured to filter them out to avoid duplication, as described in the Log Stream Event Filters documentation.
  • Prioritized Log Streams are included in Enterprise plans and do not count towards the log stream limit detailed in the Auth0 pricing plan.
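
When both streams stay enabled without the event filter, the duplication noted above can also be handled at the receiver. The following Python code is an added example, not Auth0 code: it assumes each event carries a unique `log_id` field, and the class name, stream labels, and sample events (including the placeholder type values) are constructed for illustration.

```python
from collections import OrderedDict

class StreamDeduplicator:
    """Forward each log event once, whichever stream delivers it first."""

    def __init__(self, max_ids=100_000):
        self.max_ids = max_ids        # bound memory during traffic spikes
        self._seen = OrderedDict()    # log_id -> stream that delivered it first
        self.duplicates = 0

    def ingest(self, stream, batch):
        """Return the events in `batch` that have not been forwarded yet."""
        fresh = []
        for event in batch:
            log_id = event.get("log_id")   # assumed unique per event
            if log_id is None:
                # No identifier to key on: forward rather than silently drop.
                fresh.append(event)
                continue
            if log_id in self._seen:
                self._seen.move_to_end(log_id)   # keep recently seen ids longest
                self.duplicates += 1
                continue
            self._seen[log_id] = stream
            if len(self._seen) > self.max_ids:
                self._seen.popitem(last=False)   # evict the least recently seen id
            fresh.append(event)
        return fresh

    def first_source(self, log_id):
        """Name of the stream that delivered this event first, or None."""
        return self._seen.get(log_id)

# Constructed sample batches; the type values are placeholders, not real event codes.
PRIORITIZED_BATCH = [
    {"log_id": "evt-001", "data": {"type": "SECURITY_TYPE_A"}},
    {"log_id": "evt-003", "data": {"type": "SECURITY_TYPE_B"}},
]
STANDARD_BATCH = [  # arrives later and repeats the security events
    {"log_id": "evt-001", "data": {"type": "SECURITY_TYPE_A"}},
    {"log_id": "evt-002", "data": {"type": "ORDINARY_TYPE"}},
    {"log_id": "evt-003", "data": {"type": "SECURITY_TYPE_B"}},
]

def demo():
    dedup = StreamDeduplicator()
    forwarded = dedup.ingest("prioritized", PRIORITIZED_BATCH)
    forwarded += dedup.ingest("standard", STANDARD_BATCH)
    return [e["log_id"] for e in forwarded], dedup.duplicates

if __name__ == "__main__":
    print(demo())
```

The `max_ids` bound matters in exactly the high-traffic periods the prioritized stream is meant for: once an identifier has been evicted, a late copy of that event is forwarded again, so size the window to cover the longest delay expected on the standard stream.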