Viewing Audit Logs

Audit logs are used to communicate monitored activity occurring across the platform.

Accessing Audit Logs

To access Audit logs, follow these steps:

1. Go to the Delinea Platform home page.
2. From the left panel, click Insights, then click Audit logs.

Viewing The Audit Log

Events that your account has permissions to view are presented in the Audit logs table. Click any row in the table to view its Event details in the review panel.

The Action column of the log captures user behavior and may include hyperlinks to additional properties.

Customizing the Audit Log Table

The columns in the Audit Log table present data associated with the event. Some columns can be sorted in either ascending or descending order. You can customize which columns are presented using the Displayed Columns icon ().

The columns are:

 

Column	Definition
Date	The time stamp when the audit event occurred
Service	The platform service where the audit event took place (e.g., Secret Server, Inventory, etc.) For a description of the services available for monitoring, see Selecting Audit Levels for Display.
Level	The classification of the audit event (Security Audit or Privilege Activity) For a description of the levels available for monitoring, see Selecting Audit Levels for Display.
Event Type	The category of action performed, such as Secret View, Secret Checkout, or Alert Created.
Action	The behavior that produced the event
Initiated By	The username of the platform user who triggered the audit event
Target	The specific entity affected by the audit event, such as a secret
Source	The specific source affected by the audit event (e.g., machine host name, IP address, etc.)
Field Changes	The changes made to any field for each action logged

Filtering Events

By default, the last 7 days of events are shown. Other options include 24 hours, 48 hours, 3 days, 7 days, 30 days, or 60 days. To change the time period, use the dropdown list in the Date filter card.

To further narrow down the list of events, click Add filter. Select the desired filter criteria. Its associated card appears at the top of the table. Use the card's dropdown list to set the desired value for filtering. For more information, see Filtering in List Pages.

Selecting Audit Levels for Display

The event logs are divided into two categories:

• Security Audit logs include critical actions, such as configuration changes in Delinea services.

• Privileged Activity logs include actions that are important, but not critical, such as creating secrets, viewing passwords, or launching an elevated process on an endpoint.

To choose which category to display, click Add filter and select the Level filter criteria. Use the Level dropdown list to indicate the categories to display. (For more information about filtering, see Filtering in List Pages.)

For a detailed list of the Services that support these levels, see the following:

• Audit Collector Services

• Engine Management Services

• Identity Services

• Inventory Services

• Permissions Services

• Policy Services

• Registration Services

• Remote Access Services

• Secret Server Services

• Tenant Profile Services

Downloading Event Log Data

The data from the event log can be downloaded as a CSV file.

1. Click the Download icon in the top control bar.

2. In the Download dialog, specify a File Name.

3. In Data Format, choose a User Format or ISO format as the format for the CSV file label.

4. Click Download.