Audit Logs
Overview
Audit Logs are documents that record changes or actions occurring in a system. Applications Manager lets you view Audit Log information, where you can keep track of all the events occurring in your account, and aids you in identifying the changes made in your profile within specified periods of time. It documents the list of actions performed by the user along with the timestamps.
How to view Audit Logs
- Login into your Applications Manager account.
- Go to Settings tab and click on Audit Logs.
- Here you can view the list of all the past actions that have been done in your account, segregated based on the type of action that occurred, the name of the user along with its Hostname/IP address, and the log message description for that action along with its timestamp.
- Also, you can filter audit logs based on the required action type and time range of your choice. This can be done by
- Selecting the required list of actions and the required user names from the respective drop-downs
- Entering the number of days within which the logs have been recorded
- Click on the Filter button.
- Furthermore, the "Probe Server" dropdown in Enterprise Central Server will help you to view logs for operations performed on the particular server. User name dropdown will be disabled upon selecting any Probe Server from the dropdown.
Displayed Parameters
| Parameter | Description |
|---|
| Action Type | The type of action performed by the user. |
| User Name | The name of the user who triggered the action. |
| Host Name / IP Address | The host name / IP address of the user that issued the action. |
| Description | Displays the log message generated after executing that action. |
| Managed Server | Display logs for operations performed on the particular server. Applicable only in Enterprise Central Server. |
| Date and Time | The date and time of that action performed. |
Note: Additionally, you can generate reports in various formats like PDF, CSV, XLS, etc. by clicking on their respective icons available at the top right side of the audit log table.
Operations audited
The following is the list of operations that are audited under Audit Logs in Applications Manager:
- User Administration and Management
- REST API Key regeneration
- Actions related to monitoring and management of resources from Applications Manager, such as Start, Stop, and Reboot actions of Virtual Machines, as well as Cloud resources management
- Certificate upload and management
- Configuring third-party add-ons
- OAuth Configuration for third-party application monitoring and integration
- Configuring Actions from Applications Manager, such as Email, SMS, as well as Execute Programs
- File upload to Applications Manager
- MS SQL Management from Applications Manager
- Alarm template configuration changes
- Stop/Restart of Applications Manager from the GUI
- RUM page views limit
- Management of probe registration key regeneration and authentication keys in Enterprise Edition communication
- Downtime scheduler operations
Email Audit
Applications Manager now audits product-wide email activities in addition to action-triggered email executions.
The following email activities are captured in the Email Audit logs:
- Action-triggered emails (for example, alert notifications, REST API notifications, thread dump, heap dump, and container actions)
- Test emails
- License notification emails
- Scheduled report emails
- Password reset emails
- MFA/OTP delivery emails
- System notification emails (for example, enterprise communication and self-monitoring notifications)
- DB migration alert emails
By default, only users with the ADMIN role can view the Email Audit logs.
Users with the USER role can access Email Audit logs when the corresponding permission is enabled under Settings - User Management - Permissions - User Permissions using the am.admin.usermgmt.user.actionaudit.enabled configuration key.
To view the Email Audit logs, navigate to Actions - View Actions - Execution Logs.
