Enable Workspace File Access auditing to capture file-level operations in workspaces. This feature is opt-in and requires enablement before use.
Verify that you have the following:
-
AWS-based Domino deployment (cloud or on-prem)
-
Domino version 6.2 or later
|
Note
| Azure and GCP support will be available in future releases. |
Enable the service
For customer-managed deployments, enable Workspace File Audits by configuring object storage buckets and Domino settings.
-
Create two S3 buckets for audit storage and configure required permissions. The Domino Terraform module has bucket configuration details.
-
Configure the Workspace File Audit settings in your installation.
-
See the below sections to enable the Workspace File Audit App.
Query and export file-level audit data using the Workspace File Audit App.
Deploy the application
Set up the Workspace File Audit App to query and export audit data. The app is available from the Domino GitHub repository and requires the Domino Standard Environment (DSE).
|
Tip
| Hardware requirements depend on query scope. For typical usage (up to one month of events), use at least 6 CPU cores and 8 GB memory. For larger time ranges, use more resources. |
-
Go to Projects > New Project, then select Import from Git and enter the repository URL:
https://github.com/dominodatalab/Workspace-File-Audit-Application -
Complete the project creation and open the project.
-
Go to Deployments > Apps & Agents > Publish > App.
-
Configure the deployment:
-
Name and Description (example: "Workspace File Audit Query Tool").
-
App file:
start.sh -
Environment: Latest Domino Standard Environment
-
Hardware Tier: Select based on your organization’s tier names and resource needs
-
-
Select Enable deep linking and query parameters then click Publish.
-
Wait for the app status to show Running, then select Open.
Note: If DSE is not available in your deployment, contact your Domino administrator.
Filter and view events
Filter audit events by date range, event type, user, project, or file path.
-
In the Workspace File Audit App, select a Date Range (recommended: 90 days or less; maximum: 1 year).
-
Select filters for Event, Username, Project Name, or File path.
-
Select Submit.
Results display in two views:
-
Events Over Time chart: Total event counts across your timeframe
-
Events Details table: Individual events with timestamp, user, event type, and file path
Note: New event data becomes available approximately every hour.
Export events
Export system events from the UI or API for compliance reporting, security investigations, or long-term archival.
-
Filter events to the desired results.
-
Select Download Parquet or Download CSV.
-
Save the file locally.
The system automatically splits and packages CSV exports over 1 million records as a ZIP archive.
Use the Audit Trail API to programmatically access Workspace File Access events:
-
Authenticate with standard Domino API credentials
-
Filter by time range, user, event type, or resource
-
Export data for external reporting or archival
Domino stores processed events as Parquet files. Query them directly with cloud tools or analytics engines like DuckDB.
- Domino Cloud and DCLS
-
Domino stores audit events in Domino-hosted object storage within a single-tenant, fully managed environment. Domino manages storage infrastructure and access controls. Request credentials from Domino for authorized access.
- Customer-managed deployments
-
Domino stores audit events in customer-owned object storage (Amazon S3, Azure Blob Storage, or Google Cloud Storage). Contact your administrator for access.
Clone the official repository to create a custom version for your organization. This lets you extend functionality, apply internal branding, or control rollout timing.
|
Warning
| Customized apps will not be tested/validated for each new release; only our official Domino App is supported. |
-
Clone the repository to your organization’s Git account.
-
Create a Git-based project in Domino pointing to your cloned repository.
-
Deploy your custom version.
Configure audit behavior using these Central record flags
Read event deduplication interval
com.cerebro.domino.workspaceFileAudit.UniqueReadEventPeriodInMinutes
Defines the time window for deduplicating read events. Domino records repeated reads of the same file by the same user as a single event within this interval.
-
Type: Integer
-
Default: 60 (minutes)
Write event deduplication interval
com.cerebro.domino.workspaceFileAudit.UniqueWriteEventPeriodInMinutes
Defines the time window for deduplicating write events. Domino records repeated writes to the same file by the same user as a single event within this interval.
-
Type: Integer
-
Default: 60 (minutes)
Event processing frequency
com.cerebro.domino.workspaceFileAudit.eventProcessingInMinutes
Defines how often Domino processes and writes events to object storage.
-
Type: Integer
-
Default: 60 (minutes)
-
Minimum: 60 (minutes)
-
Maximum: 360 (minutes)
Tracked event types
com.cerebro.domino.workspaceFileAudit.TrackedEventTypes
Defines which file operations Domino tracks.
-
Type: Comma-separated event names
-
Default:
“Create”,”Read”,”Write”,”Delete”,”Rename”
For information on modifying these settings, see the Configuration records documentation.
-
Workspace File Access events: How Domino captures file-level operations in workspaces
-
Monitoring and alerting: Set up Grafana alerts for audit pipeline failures
-
Central configuration records: Central config settings reference for Workspace File Audits