Viewing Audit Logs

Audit logs are used to communicate monitored activity occurring across the platform.

Accessing Audit Logs

To access Audit logs, follow these steps:

1. Go to the Delinea Platform home page.
2. From the left panel, click Insights, then click Audit logs.

Viewing The Audit Log

Events that your account has permissions to view are presented in the Audit logs table. Click any row in the table to view its Event details in the review panel.

The Action column of the log captures user behavior and may include hyperlinks to additional properties.

Customizing the Audit Log Table

The columns in the Audit Log table present data associated with the event. Some columns can be sorted in either ascending or descending order. You can customize which columns are presented using the Displayed Columns icon ().

The columns are:

• Date: The date the event occurred.
• Service: The application that is monitored and presented in the Audit logs. For a description of the services available for monitoring, see Selecting Audit Levels for Display.
• Level: The functionality (in a service) that is monitored. For a description of the levels available for monitoring, see Selecting Audit Levels for Display.
• Action: The action that produced the event.
• Initiated By: The name of the user who initiated the event.
• Target: The platform component involved in the event.
• Source: The source of the event, such as PRA, Web Password Filler, or Secret Launcher.

Filtering Events

By default, the last 7 days of events are filtered. Other options include 24 hours, 48 hours, 3 days, 7 days, 30 days, or 60 days, using the drop-down at the Date card.

To further narrow down the list of events, click Add filter. Select the desired filter criteria. Its associated card appears at the top of the table. Use the card's drop-down to set the desired value for filtering.

Selecting Audit Levels for Display

The event logs are divided into two categories:

• Security Audit logs include critical actions, such as configuration changes in Delinea services.

• Privileged Activity logs include actions that are important, but not critical, such as creating secrets, viewing passwords, or launching an elevated process on an endpoint.

To choose which category to display, click Add filter and select the Level filter criteria. Then, use the Leveldrop-down to indicate the categories to display.

For a detailed list of the Services that support these levels, see the following:

• Secret Server Services

• Permissions Services

• Registration Services

• Identity Services

• PRA Services

• Audit Collector Services

• Audit Collector Services

Downloading Event Log Data

The data from the event log can be downloaded as a CSV file.

1. Click the Download icon in the top control bar.

2. In the Download dialog, specify a File Name.

3. In Data Format, choose a User Format or ISO format as the format for the CSV file label.

4. Click Download.