Audit logs

Audit logs show security-relevant operations a user has processed. For example, an audit log is generated when a user logs into a gateway.

Requirements

ROLES & PERMISSIONS:

To view audit logs: READ permission for permission type “Audit”
To create audit logs you need Admin permission for the permission type “Audit”. Note however, that you cannot create audit logs from the UI. For details on how to create audit logs via REST refer to Audits in the Cumulocity IoT OpenAPI Specification.

To view audit logs

To view the audit log list, click Audit logs in the Accounts menu. For each log entry, the following information is provided:

Column	Description
Server time	Server time when the operation was processed.
Event	Type of operation, for example "Alarm created", "Smart rule deleted". Below it, the user who processed it is displayed.
Description	Provides further information depending on the operation, for example, the device name, alarm text, operation status.
Device time	Device time when the operation was processed. This can differ from the server time.

Only the last 100 logs are visible. Scroll down the page to Load more to view more log entries.

Audit logs

Info

The audit log list is not automatically refreshed after a realtime update for operations. Click Reload at the right of the top menu bar to update the list to the latest operations.

To filter logs

In order to easily search through logs, you can filter logs by:

Type (alarm, operation, smart rule, and so on)
Device time (provide a date range in “From” and/or “To” inputs)
User

To apply a filter, click the Apply button next to the respective filter field. To discard filters, click the clear icon next to the Apply button (only visible if filters are set).

Audit log types

Audit type	Actions
Alarm	Alarm created Alarm updated
Application	Application activated Application subscribed Application unsubscribed Application deployed Application deployment failure Application undeployed Application rescaled Application deleted This type of audit logs may be created for both hosted applications and microservices.
Bulk operation	Bulk operation created Bulk operation updated Bulk operation deleted
Data broker connector	Connector created Connector updated Connector deleted
Devices availability monitoring	Device availability enabled Device availability disabled Device availability interval updated Device put into maintenance state
Global role	Global role updated Global role authorities updated Global role device permissions updated
Inventory	Managed object deleted Device registration failed due to missing token Device registration failed due to invalid token Device registration max number of failed attempts reached
Inventory role	Inventory role created Inventory role updated Inventory role deleted
Operation	Operation created Operation updated
Option	Option created Option updated Option deleted
Reliable notification	Reliable notification token created Reliable notification subscription created Reliable notification subscription deleted
Report	Test tenant statistics accessed Real tenant statistics accessed
Single sign-on	SSO login SSO logout SSO logout failed
Smart rule	Smart rule created Smart rule updated Smart rule enabled Smart rule disabled Smart rule deleted
Tenant	Tenant created Tenant updated Tenant suspended Tenant activated Tenant deleted
Tenant auth configuration	Authentication configuration added Authentication configuration updated Authentication configuration deleted
Trusted certificate	Trusted certificate uploaded Trusted certificate updated Trusted certificate deleted
User	User created User updated User username updated User password updated User roles updated User groups updated User delegation updated User owner updated User inventory assignment updated User device permissions updated User deleted
User login	User login User logout Note that entries of this type are not created when using Basic authentication.

Info