What should I log and audit for every retrieval event in a RAG system?

For every retrieval event in a RAG system, you should log detailed information about the event, including its context, outcome, and any associated decisions, to enable auditing, debugging, and post-incident review. This practice aligns with NIST AI RMF's MEASURE function for transparency and accountability.

Concrete controls for logging and auditing retrieval events include:

• Event Type and Metadata: Log the specific event type (e.g., "tool_call", "permission", "transition") along with relevant metadata such as a chain_id for end-to-end tracing, chain_depth, timestamp, and analyst_id. This helps in reconstructing the full execution path and understanding decision propagation.
• Tool Invocation Details: For each tool invocation, record the tool_name, tool_args (arguments passed to the tool), a result_summary (capped to a reasonable length for SIEM systems), justification for the tool's use, duration_ms of the call, and whether it was successful. This addresses NIST AI RMF's MEASURE-2.8 by logging decisions and tracing AI behavior.
• Permission Decisions: Log every permission decision (e.g., "allow", "deny", "escalate") for a given tool_name, along with the reason for that decision. This provides an audit trail for access control and aligns with the need for transparency and accountability.
• Error and Diagnostic Information: Capture errors with full context, including result_type, last_content_type, and stop_reason for quick triage. For more detailed debugging, log verbose information about the error, including the original model, fallback model, entrypoint, query chain ID, and query depth. This helps in identifying and tracking risks over time, as per NIST AI RMF's MEASURE-3.1.
• Redaction and Security: Implement a RedactingFormatter to strip sensitive information like API keys or tokens before logs are written to disk, ensuring PII/secret protection. This is crucial for security and privacy compliance.
• Structured Logging and Storage: Ensure logs are structured (e.g., JSONL format) for compatibility with SIEM systems like Splunk, Elastic, and Chronicle, and to facilitate replay and auditing by compliance teams. Maintain separate log files for full records (agent.log) and quick triage of warnings/errors (errors.log).