Prerequisites
- Install and configure the Nebius AI Cloud CLI.
- Make sure you are in a group that has the
adminorauditlogs.audit-event-exporterrole within your tenant. You can check this in the Administration → IAM section of the web console. - Make sure that you have the
storage.uploaderrole for the destination Object Storage bucket.
How to export events
Audit events are stored in the region where the activity occurred, so you must specify
--region in your command. To cover activity in several regions, repeat the command for each of them. If you omit the region, the command defaults to eu-north1 until August 13, 2026. After that, setting the region explicitly is required and all events will be stored in the selected region.-
Copy the ID of the tenant you want to export events for:
- Select an existing bucket or create a new one in the region you export events from — the destination bucket must be in the same region as the events. Copy the bucket ID.
-
Start an export:
In the command above, specify:
--parent-id: Tenant ID that you copied earlier.--params-from: Start time for the export, in the ISO 8601 format.--params-to: End time for the export, in the ISO 8601 format.--params-event-type(optional): Type of audit event to export:control_planeordata_plane. Default:control_plane.- Control plane events (default): Track management operations on resources, such as creating, updating or deleting virtual machines, clusters or other infrastructure resources.
- Data plane events: Track data access operations, such as reading or writing objects in Object Storage buckets.
--nebius-object-storage-bucket-by-id-id: Destination bucket ID that you copied earlier. The bucket must be in the same region as the exported events.--nebius-object-storage-object-prefix(optional): Object prefix. If you omit it, theauditlogsprefix is used by default.--params-filter(optional): Filter expression to narrow down exported events. For more information, see How to filter audit events.--region(optional): Region to export audit events from. Default:eu-north1.
How to check the status of an export
To check the current state and parameters of an export, get it by ID:RUNNING, DONE, FAILED and CANCELED.
How to list exports
To find a specific export, list all exports created for a tenant:How to download exported events
After an export reaches theDONE state, the exported audit events are available as objects in the destination bucket. To download these objects to your local machine for data portability or local storage:
-
View the objects in the bucket to find the exported files. The objects are stored under the prefix that you specified when you launched the export, or under the default
auditlogsprefix. -
Download the objects from the bucket to your local machine. You can download a single object or all objects with a specific prefix.
For example, to download all exported audit events with the default
auditlogsprefix:
How to cancel an export
To stop an active export, run:CANCELED state. Data that is already written to the bucket is preserved.