Skip to end of metadata
Go to start of metadata

The Controller keeps an audit log you can use to monitor user activity and configuration changes in the Controller. 

The Controller keeps audit log data in the controller_audit table.

Audit logging is available only to on-premise controllers.

What is Audited

The following actions are logged during user authentication:

  • LOGIN*
  • LOGIN_FAILED*

The following entities are audited for creation, modification and removal:

  • APPLICATION_COMPONENT
  • APPLICATION_COMPONENT_NODE*
  • USER
  • GROUP
  • ACCOUNT*
  • ACCOUNT_ROLE
  • WORKFLOW*
  • GLOBAL_CONFIGURATION
  • NOTIFICATION_CONFIG
  • DASHBOARD
  • JMX_CONFIG*
  • BUSINESS_TRANSACTION*
  • BUSINESS_TRANSACTION_GROUP*
  • CUSTOM_EXIT_POINT_DEFINITION*
  • CUSTOM_MATCH_POINT_DEFINITION
  • TRANSACTION_MATCH_POINT_CONFIG
  • BACKEND_DISCOVERY_CONFIG
  • ERROR_CONFIGURATION
  • DOT_NET_ERROR_CONFIGURATION
  • CALL_GRAPH_CONFIGURATION
  • SQL_DATA_GATHERER_CONFIG
  • MEMORY_CONFIGURATION
  • EUM_CONFIGURATION
  • AGENT_CONFIGURATION
  • APPLICATION_DIAGNOSTIC_DATA
  • POJO_DATA_GATHERER_CONFIG
  • HTTP_REQUEST_DATA_GATHERER_CONFIG
  • POLICY*
  • RULE*

When a user or agent modifies one of these objects, one of the following actions is logged:

  • OBJECT_CREATED
  • OBJECT_UPDATED
  • OBJECT_DELETED

Structure of Audit Log

The structure of the controller_audit table is:

column

value

ts_ms

creation time in milliseconds

account_name

user account of user performing the action

account_id

account id of user performing the action

user_name

user name of user performing the action

user_id

user id of user performing the action

object_name

entity type of modified object

object_id

id of modified object

action

audited action, one of: OBJECT_CREATED, OBJECT_UPDATED, OBJECT_DELETED, LOGIN,  LOGIN_FAILED

Enabling or Disabling Audit Logging

Audit logging is enabled by default. You can disable Controller audit logging from the Controller Administration Console. See Access the Administration Console for information on how to access the console.

To turn audit logging on or off, set the audit.enabled setting to true or false.  

Audit Log Retention

By default the Controller retains audit logs for 720 hours.

You can adjust the retention period in the Controller Administration Console by modifying the audit.log.retention.period setting. See Access the Administration Console.