The Controller keeps an audit log you can use to monitor user activity and configuration changes in the Controller.
The Controller keeps audit log data in the controller_audit table.
Audit logging is available only to on-premise controllers.
What is Audited
The following actions are logged during user authentication:
The following entities are audited for creation, modification and removal:
When a user or agent modifies one of these objects, one of the following actions is logged:
Structure of Audit Log
The structure of the controller_audit table is:
creation time in milliseconds
user account of user performing the action
account id of user performing the action
user name of user performing the action
user id of user performing the action
entity type of modified object
id of modified object
audited action, one of: OBJECT_CREATED, OBJECT_UPDATED, OBJECT_DELETED, LOGIN, LOGIN_FAILED
Enabling or Disabling Audit Logging
Audit logging is enabled by default. You can disable Controller audit logging from the Controller Administration Console. See Access the Administration Console for information on how to access the console.
To turn audit logging on or off, set the audit.enabled setting to true or false.
Audit Log Retention
By default the Controller retains audit logs for 720 hours.
You can adjust the retention period in the Controller Administration Console by modifying the audit.log.retention.period setting. See Access the Administration Console.