Skip to main content

Audit Log Schema

Golf Gateway generates structured audit logs for all MCP traffic, authentication events, and security analysis. This reference documents the complete schema used for audit log entries.

Quick Reference

CategoryKey FieldsPurpose
Coretimestamp, event_type, componentEvent identification and timing
Identitysession_id, gateway_id, organization_idSession and gateway tracking
Useruser.sub, user.email, user.authenticatedUser identity (privacy-compliant)
Authenticationauthentication.result, authentication.provider_typeAuth method and result
Securitysecurity.threat_score, security.blocked, security.was_scrubbedThreat detection and PII scrubbing
MCP Protocolmcp_method, mcp_tool_name, mcp_*_payloadMCP JSON-RPC details
Integritysequence, prev_hash, integrity_hashTamper-proof hash chain
Internalmessage, correlation, metadataInternal processing (not exported)

Schema Overview

{
  "timestamp": "2024-01-15T10:30:45.123456+00:00",
  "event_type": "mcp_request",
  "component": "mcp_parser",
  "session_id": "sess_abc123def456",
  "gateway_id": "550e8400-e29b-41d4-a716-446655440000",
  "gateway_name": "production-gateway",
  "organization_id": "org_xyz789",
  "client_info": {
    "name": "claude-desktop",
    "version": "1.2.3"
  },
  "authentication": {
    "method": "oauth2",
    "result": "success",
    "completed_at": 1705315845123,
    "provider_type": "auth0",
    "provider_name": "Production Auth0",
    "authorization_result": "granted",
    "scopes": ["read:mcp", "write:mcp"],
    "granted_at": 1705315845123,
    "user_id": "auth0|abc123",
    "email": "a1b2c3d4e5f6g7h8",
    "session_created": true,
    "session_type": "authenticated"
  },
  "security": {
    "threat_score": 0.02,
    "threats_detected": [],
    "analyzed": true,
    "blocked": false,
    "detection_method": "llm",
    "content_size_bytes": 256,
    "inference_ms": 38.5,
    "was_scrubbed": false,
    "entities_redacted": 0,
    "fields_masked": 0
  },
  "request": {
    "method": "POST",
    "path": "/finance-tools/mcp",
    "size_bytes": 256,
    "headers": {}
  },
  "upstream": {
    "host": "mcp-server.internal",
    "port": 3001,
    "url": "http://mcp-server.internal:3001",
    "name": "finance-tools"
  },
  "user": {
    "sub": "auth0|abc123",
    "email": "a1b2c3d4e5f6g7h8",
    "authenticated": true,
    "anonymous": false
  },
  "mcp_method": "tools/call",
  "mcp_tool_name": "get_account_balance",
  "mcp_request_payload": "{\n  \"jsonrpc\": \"2.0\",\n  \"method\": \"tools/call\",\n  \"params\": {\n    \"name\": \"get_account_balance\",\n    \"arguments\": {\"account_id\": \"12345\"}\n  },\n  \"id\": 1\n}",
  "mcp_request_tokens": 45,
  "has_error": false,
  "sequence": 12345,
  "prev_hash": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",
  "integrity_hash": "d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5"
}
Each audit log entry is a JSON object. The sections below document each field category in detail. 
{
  "timestamp": "2024-01-15T10:30:45.123456+00:00",
  "event_type": "mcp_request",
  "component": "mcp_parser",
  "session_id": "sess_abc123",
  "gateway_id": "550e8400-e29b-41d4-a716-446655440000",
  "gateway_name": "production-gateway",
  "organization_id": "org_xyz789",
  "client_info": { ... },
  "authentication": { ... },
  "security": { ... },
  "request": { ... },
  "upstream": { ... },
  "user": { ... },
  "mcp_method": "tools/call",
  "mcp_tool_name": "get_weather",
  "mcp_request_payload": "{ ... }",
  "mcp_request_tokens": 150,
  "sequence": 12345,
  "prev_hash": "a1b2c3...",
  "integrity_hash": "d4e5f6..."
}

Core Fields

These fields are present on every audit log entry.
FieldTypeDescription
timestampstringISO 8601 timestamp with timezone (e.g., 2024-01-15T10:30:45.123456+00:00)
event_typestringType of audit event (see Event Types)
componentstringSystem component that generated the event

Event Types

ValueDescription
mcp_requestStandard MCP JSON-RPC request
mcp_responseStandard MCP JSON-RPC response
mcp_sampling_requestSampling/createMessage request
mcp_sampling_responseSampling/createMessage response
mcp_elicitation_requestServer-initiated elicitation request
mcp_elicitation_responseElicitation response from client
mcp_notificationMCP notification (no response expected)
authenticationAuthentication event
securitySecurity analysis event

Component Values

ValueDescription
mcp_parserMCP message parsing
authAuthentication and authorization
securitySecurity analysis and threat detection

Session and Identity

FieldTypeDescription
session_idstring | nullMCP protocol session identifier
gateway_idstring | nullGateway UUID (multi-gateway deployments)
gateway_namestring | nullHuman-readable gateway name
organization_idstring | nullOrganization UUID (multi-tenant deployments)

Integrity Fields

These fields provide tamper-proof audit logging through cryptographic hash chaining.
FieldTypeDescription
sequenceinteger | nullMonotonically increasing sequence number
prev_hashstring | nullHMAC-SHA256 hash of the previous log entry
integrity_hashstring | nullHMAC-SHA256 hash of the current entry
The integrity chain allows verification that no log entries have been modified or deleted. Configure the hash key with GOLF_SECURITY_INTEGRITY_KEY.

Client Info

Information about the MCP client, extracted from the initialize request.
FieldTypeDescription
client_info.namestringMCP client name (e.g., “claude-desktop”, “cursor”)
client_info.versionstringMCP client version
Example: 
{
  "client_info": {
    "name": "claude-desktop",
    "version": "1.2.3"
  }
}

Authentication

Authentication and authorization results.
FieldTypeDescription
authentication.methodstringAuthentication method (default: oauth2)
authentication.resultstringsuccess, failed, or anonymous
authentication.completed_atintegerUnix timestamp in milliseconds
authentication.provider_typestring | nullIDP type: auth0, okta, microsoft-entra-id, descope
authentication.provider_namestring | nullHuman-readable provider name
authentication.authorization_resultstringgranted, denied, or anonymous
authentication.scopesarrayGranted OAuth scopes
authentication.granted_atintegerUnix timestamp in milliseconds
authentication.user_idstring | nullUser subject identifier
authentication.emailstring | nullUser email (hashed before export)
authentication.namestring | nullUser display name (removed before export)
authentication.session_createdbooleanWhether a new session was created
authentication.session_typestringauthenticated or anonymous
Example: 
{
  "authentication": {
    "method": "oauth2",
    "result": "success",
    "completed_at": 1705315845123,
    "provider_type": "auth0",
    "provider_name": "Production Auth0",
    "authorization_result": "granted",
    "scopes": ["read:mcp", "write:mcp"],
    "granted_at": 1705315845123,
    "user_id": "auth0|abc123",
    "email": "a1b2c3d4e5f6g7h8",
    "session_created": true,
    "session_type": "authenticated"
  }
}

Security

Security analysis and threat detection results.
FieldTypeDescription
security.threat_scorefloatThreat score from 0.0 (safe) to 1.0 (malicious)
security.threats_detectedarrayList of detected threat types
security.analyzedbooleanWhether security analysis was performed
security.skipped_reasonstring | nullReason analysis was skipped
security.blockedbooleanWhether the request/response was blocked
security.detection_methodstring | nullllm, pattern, or rate_limit
security.threat_categorystring | nullprompt_injection, jailbreak, data_exfiltration, etc.
security.content_size_bytesinteger | nullSize of analyzed content in bytes
security.inference_msfloat | nullLLM inference duration in milliseconds

PII Scrubbing Fields

FieldTypeDescription
security.was_scrubbedbooleanWhether content was scrubbed for PII
security.entities_redactedintegerTotal PII entities redacted
security.fields_maskedintegerTotal fields masked by name
security.entities_by_typeobjectBreakdown of redacted entities by type
security.redacted_pathsarrayJSON paths where entities were redacted
security.masked_field_namesarrayField names that were masked
security.custom_rules_firedarrayCustom regex rules that matched
security.scrub_duration_msfloat | nullScrubbing duration in milliseconds
Example (threat detected): 
{
  "security": {
    "threat_score": 0.95,
    "threats_detected": ["prompt_injection"],
    "analyzed": true,
    "blocked": true,
    "detection_method": "llm",
    "threat_category": "prompt_injection",
    "content_size_bytes": 1024,
    "inference_ms": 45.2
  }
}
Example (PII scrubbed): 
{
  "security": {
    "threat_score": 0.0,
    "threats_detected": [],
    "analyzed": true,
    "blocked": false,
    "was_scrubbed": true,
    "entities_redacted": 3,
    "fields_masked": 1,
    "entities_by_type": {
      "email": 2,
      "phone": 1
    },
    "redacted_paths": ["result.content[0].text"],
    "masked_field_names": ["ssn"],
    "scrub_duration_ms": 12.5
  }
}

Request

Request context information.
FieldTypeDescription
request.methodstring | nullHTTP or MCP method
request.pathstring | nullRequest path or resource
request.size_bytesinteger | nullRequest size in bytes
request.headersobjectRequest headers (sanitized to empty before export)

Upstream

Information about the upstream MCP server.
FieldTypeDescription
upstream.hoststringUpstream server hostname
upstream.portintegerUpstream server port (1-65535)
upstream.urlstring | nullOriginal URL for display
upstream.namestring | nullUpstream server name
Example: 
{
  "upstream": {
    "host": "mcp-server.internal",
    "port": 3001,
    "name": "finance-tools"
  }
}

User

User identity information.
FieldTypeDescription
user.substring | nullUser subject identifier
user.emailstring | nullUser email (hashed to 16-char SHA256 before export)
user.namestring | nullUser display name (removed before export)
user.authenticatedbooleanWhether user is authenticated
user.anonymousbooleanWhether user is anonymous
For privacy compliance, user.email is hashed and user.name is removed before export to external systems.

MCP Protocol Fields

Extracted Fields

These fields are extracted from MCP messages for efficient querying and aggregation.
FieldTypeDescription
mcp_methodstring | nullMCP JSON-RPC method (e.g., tools/call, resources/read)
mcp_tool_namestring | nullTool name from tools/call or tools/list
mcp_resource_uristring | nullResource URI from resources/read or resources/list
mcp_prompt_namestring | nullPrompt name from prompts/get or prompts/list

Raw Payloads

FieldTypeDescription
mcp_request_payloadstring | nullRaw MCP request JSON (formatted)
mcp_response_payloadstring | nullRaw MCP response JSON (formatted)

Token Estimates

FieldTypeDescription
mcp_request_tokensinteger | nullEstimated token count for request
mcp_response_tokensinteger | nullEstimated token count for response

Error Detection

FieldTypeDescription
has_errorboolean | nullWhether MCP response contains an error

Elicitation Fields

Fields for server-initiated user input requests (MCP elicitation).
FieldTypeDescription
mcp_elicitation_modestring | nullElicitation mode: form or url
mcp_elicitation_idstring | nullElicitation ID for URL mode correlation
mcp_elicitation_actionstring | nullUser action: accept, decline, or cancel

Threat Analysis

Detailed threat analysis results (when available).
FieldTypeDescription
threat_analysis.threat_scorefloatThreat score from 0.0 to 1.0
threat_analysis.detected_patternsarrayList of detected threat patterns
threat_analysis.severitystringcritical, incident, or low
threat_analysis.remediationstring | nullSuggested remediation action

Session Statistics

Aggregate session statistics (for monitoring events).
FieldTypeDescription
session_stats.active_sessionsintegerNumber of active sessions
session_stats.total_createdintegerTotal sessions created
session_stats.total_authenticatedintegerTotal authenticated sessions
session_stats.total_anonymousintegerTotal anonymous sessions

Internal Fields

These fields are present in audit log entries for internal processing but are excluded from external exports and the GraphQL API.
FieldTypeDescription
messageobject | nullRaw MCP message data for internal processing
correlationobject | nullRequest/response correlation for internal tracking
metadataobjectAdditional metadata for legacy compatibility and flexible extensions
These fields are for internal use only. They are not exposed through the GraphQL API and are excluded from export payloads to external systems (Elasticsearch, OpenTelemetry, Sentinel).

Complete Example

MCP Request Event: 
{
  "timestamp": "2024-01-15T10:30:45.123456+00:00",
  "event_type": "mcp_request",
  "component": "mcp_parser",
  "session_id": "sess_abc123def456",
  "gateway_id": "550e8400-e29b-41d4-a716-446655440000",
  "gateway_name": "production-gateway",
  "organization_id": "org_xyz789",
  "client_info": {
    "name": "claude-desktop",
    "version": "1.2.3"
  },
  "authentication": {
    "method": "oauth2",
    "result": "success",
    "completed_at": 1705315845123,
    "provider_type": "auth0",
    "authorization_result": "granted",
    "scopes": ["read:mcp", "write:mcp"],
    "granted_at": 1705315845123,
    "user_id": "auth0|abc123",
    "session_type": "authenticated"
  },
  "security": {
    "threat_score": 0.02,
    "threats_detected": [],
    "analyzed": true,
    "blocked": false,
    "detection_method": "llm",
    "content_size_bytes": 256,
    "inference_ms": 38.5
  },
  "upstream": {
    "host": "mcp-server.internal",
    "port": 3001,
    "name": "finance-tools"
  },
  "user": {
    "sub": "auth0|abc123",
    "authenticated": true,
    "anonymous": false
  },
  "mcp_method": "tools/call",
  "mcp_tool_name": "get_account_balance",
  "mcp_request_payload": "{\n  \"jsonrpc\": \"2.0\",\n  \"method\": \"tools/call\",\n  \"params\": {\n    \"name\": \"get_account_balance\",\n    \"arguments\": {\"account_id\": \"12345\"}\n  },\n  \"id\": 1\n}",
  "mcp_request_tokens": 45,
  "has_error": false,
  "sequence": 12345,
  "prev_hash": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",
  "integrity_hash": "d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5"
}
Security Blocked Event: 
{
  "timestamp": "2024-01-15T10:31:12.789012+00:00",
  "event_type": "mcp_request",
  "component": "security",
  "session_id": "sess_xyz789abc123",
  "gateway_name": "production-gateway",
  "security": {
    "threat_score": 0.97,
    "threats_detected": ["prompt_injection"],
    "analyzed": true,
    "blocked": true,
    "detection_method": "llm",
    "threat_category": "prompt_injection",
    "content_size_bytes": 2048,
    "inference_ms": 52.3
  },
  "threat_analysis": {
    "threat_score": 0.97,
    "detected_patterns": ["instruction_override", "role_manipulation"],
    "severity": "critical",
    "remediation": "Block request and notify security team"
  },
  "mcp_method": "tools/call",
  "mcp_tool_name": "execute_query",
  "sequence": 12346,
  "integrity_hash": "f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1"
}

Export Destinations

Audit logs are exported to configured destinations with automatic schema mapping:
DestinationIndex PatternDocumentation
Elasticsearch{prefix}-YYYY.MM.DDExport to Elasticsearch
OpenTelemetryOTLP logsExport to OpenTelemetry
Microsoft SentinelCustom DCR tableExport to Sentinel
Each destination applies field-specific transformations. For example, Elasticsearch uses daily indices while Sentinel transforms fields to PascalCase for KQL compatibility.

Environment Variables

Configure Golf Gateway using environment variables

YAML Configuration

Distributed mode configuration for GitOps deployments

Export to Elasticsearch

Set up audit log export to Elasticsearch

Export to Sentinel

Set up audit log export to Microsoft Sentinel