How to Export Dagster+ Logs to SIEM Providers

This article explains how to configure Dagster+ to export compute logs to SIEM providers like Arctic Wolf or Sentinel One by routing logs through cloud storage.

Problem Description

Users need to export Dagster+ compute logs to SIEM providers for security monitoring and compliance. Dagster+ doesn't have built-in direct integration with SIEM platforms, requiring an intermediate storage solution.

Symptoms

• No direct export option to SIEM providers in Dagster+ UI

• Need for centralized log monitoring and security analysis

• Requirement to integrate Dagster logs with existing security infrastructure

Root Cause

Dagster+ currently doesn't provide built-in integrations with SIEM providers. The platform supports exporting logs to cloud storage services, which can then be configured as data sources for SIEM platforms.

Solution

Configure Dagster+ to export compute logs to cloud storage (S3, Azure Blob Storage, or Google Cloud Storage), then set up your SIEM provider to ingest logs from that storage location.

Step-by-Step Resolution

1. Configure compute log export by adding the following to your `dagster.yaml` file:

   compute_logs:
     module: dagster_aws.s3.compute_log_manager
     class: S3ComputeLogManager
     config:
       bucket: 'your-company-dagster-logs'
       prefix: 'dagster-'
       region: 'us-west-1'
       upload_interval: 30  # Upload partial logs every 30 seconds
       skip_empty_files: true
       show_url_only: true  # For Dagster+ privacy
       upload_extra_args:
         ServerSideEncryption: 'AES256'

2. Configure your ECS agent following the Dagster+ deployment documentation

3. Set up your SIEM provider to monitor and ingest logs from the configured S3 bucket

4. Verify logs are being uploaded to your storage location and ingested by your SIEM

Alternative Solutions

You can also utilize the Dagster API to export insight logs, though this option is limited compared to compute log export. This may be suitable for specific monitoring use cases that don't require full compute logs.

Prevention

Set show_url_only: true in your configuration to ensure Dagster Labs doesn't have access to your log content when using Dagster+. Configure appropriate IAM roles and permissions for secure log access.

Related Documentation

• Dagster+ Deployment Configuration

• Export Metrics API

• Dagster AWS Library Documentation