Audit logs

Audit logs show security-relevant operations a user has processed. For example, an audit log is generated when a user logs into a gateway.

Requirements

ROLES & PERMISSIONS:

  • To view audit logs: READ permission for permission type “Audit”
  • To create audit logs you need Admin permission for the permission type “Audit”. Note however, that you cannot create audit logs from the UI. For details on how to create audit logs via REST refer to Audits in the Cumulocity IoT OpenAPI Specification.

To view audit logs

To view the audit log list, click Audit logs in the Accounts menu. For each log entry, the following information is provided:

Column Description
Server time Server time when the operation was processed.
Event Type of operation, for example "Alarm created", "Smart rule deleted". Below it, the user who processed it is displayed.
Description Provides further information depending on the operation, for example, the device name, alarm text, operation status.
Device time Device time when the operation was processed. This can differ from the server time.

Only the last 100 logs are visible. Scroll down the page to Load more to view more log entries.

Audit logs

Info
The audit log list is not automatically refreshed after a realtime update for operations. Click Reload at the right of the top menu bar to update the list to the latest operations.

To filter logs

In order to easily search through logs, you can filter logs by:

  • Type (alarm, operation, smart rule, and so on)
  • Device time (provide a date range in “From” and/or “To” inputs)
  • User

To apply a filter, click the Apply button next to the respective filter field. To discard filters, click the clear icon next to the Apply button (only visible if filters are set).

Audit log types

Audit type Actions
Alarm
  • Alarm created
  • Alarm updated
Application
  • Application activated
  • Application subscribed
  • Application unsubscribed
  • Application deployed
  • Application deployment failure
  • Application undeployed
  • Application rescaled
  • Application deleted
This type of audit logs may be created for both hosted applications and microservices.
Bulk operation
  • Bulk operation created
  • Bulk operation updated
  • Bulk operation deleted
Data broker connector
  • Connector created
  • Connector updated
  • Connector deleted
Devices availability monitoring
  • Device availability enabled
  • Device availability disabled
  • Device availability interval updated
  • Device put into maintenance state
Global role
  • Global role updated
  • Global role authorities updated
  • Global role device permissions updated
Inventory
  • Managed object deleted
  • Device registration failed due to missing token
  • Device registration failed due to invalid token
  • Device registration max number of failed attempts reached
Inventory role
  • Inventory role created
  • Inventory role updated
  • Inventory role deleted
Operation
  • Operation created
  • Operation updated
Option
  • Option created
  • Option updated
  • Option deleted
Reliable notification
  • Reliable notification token created
  • Reliable notification subscription created
  • Reliable notification subscription deleted
Report
  • Test tenant statistics accessed
  • Real tenant statistics accessed
Single sign-on
  • SSO login
  • SSO logout
  • SSO logout failed
Smart rule
  • Smart rule created
  • Smart rule updated
  • Smart rule enabled
  • Smart rule disabled
  • Smart rule deleted
Tenant
  • Tenant created
  • Tenant updated
  • Tenant suspended
  • Tenant activated
  • Tenant deleted
Tenant auth configuration
  • Authentication configuration added
  • Authentication configuration updated
  • Authentication configuration deleted
Trusted certificate
  • Trusted certificate uploaded
  • Trusted certificate updated
  • Trusted certificate deleted
User
  • User created
  • User updated
  • User username updated
  • User password updated
  • User roles updated
  • User groups updated
  • User delegation updated
  • User owner updated
  • User inventory assignment updated
  • User device permissions updated
  • User deleted
User login
  • User login
  • User logout
Note that entries of this type are not created when using Basic authentication.