We are using Apache Kafka as a long-term event store for a Fully Eventually Consistent Event Sourced Architecture. We also have various compliance requirements. We certainly have encrypted volumes and connections (at rest and in transit); we are set up for TLS authentication; we do not have authorization configured. Now we’re looking for the best way to configure the brokers to make sure we can log access to data. We are hoping to be able to at least log the relevant information for auditing reasons, to know which connections using a specific TLS certificate asked for data from specific topics and partitions, as well as which offsets were accessed. Does anyone have links to specific resources for this type of configuration, or know of a way?
Thanks, Wade