Using Audit Logs
Audit logs provide records of user activity for security and compliance. You can view, monitor, and track the sequence of the following activities in Solace Cloud:
- Identity and Access Management (IAM) operations, such as user login activities
- User management activities, such as user activation or role changes
- Event broker service life-cycle events, such as event broker service creation, upgrades, or deletion
- Operations and activities that occur for event access requests and application promotion requests in Event Portal
- Operations or activities that occur to Micro-Integrations
- Operations or activities that occur to agent meshes
- Maintenance activities, such as creation of maintenance windows or schedules
You can use filters to display a subset of the audit logs. You can also download the audit logs. The audit logs are retained in the console for six months; records older than six months are automatically deleted.
Audit logs are collected for each account in Solace Cloud. They don't contain all events for event broker services. If you are looking for logs that contain information about event broker services, you can do one of the following:
- Use Solace Insights, which collects metrics and provides useful visualizations of event broker services. For more information, see Insights Overview.
- Forward the logs from the event broker service to a server or an external log monitoring system that you control. For more information, see Forwarding Logs to an External System.
For more information about audit logs, see Using Audit Logs and System Logs.
For information about retrieving the logs programmatically using the REST API for Solace Cloud, see Managing Audit Logs with the Solace Cloud REST API.
Viewing Audit Logs
Administrators can access the audit logs for the whole organization. They can view and track actions performed by all users to understand who did what, where, and when, in the account. Administrators can also download the audit logs of any user within the organization. Non-Administrator users can access and download only their own audit logs.
You can view the audit logs in the Account Details section in the console. You can also filter the audit logs to find specific entries.
To access the audit logs, perform these steps:
- Log in to the Solace Cloud Console if you have not done so yet. The URL to access the Cloud Console differs based on your
- On the navigation bar, click User & Account
and select Account Details. - Select the Audit Logs tab to see the default list view that shows:
- the date and time of the occurrence
- the unique event ID for each entry
- the event category
- the type of event
- the information of the user who performed the activity
- the IP address of the device used to connect to the console
- the time taken to complete the activity
You can use the filter to change the scope of the entries to display.
- Click an audit log entry to display additional information for the entry.
Filtering Audit Logs
Administrators can see the audit log entries for all users. Use the filters to specify the displayed fields.
To apply filters, perform these steps:
- On the Audit Logs tab, click Filters to expand the options.
- Apply any of the following filters:
- Time Range—Filter the logs based on the time range, which can be Last hour, Last 12 hours, Last Day, Last Week, or Last Month.
- Category—Filter the logs based on IAM or Service activities. You must select one of the following options to enable filter options in the Event field:
- MAINTENANCE—User requests for maintenance activities for event broker services.
- DISTRIBUTED_TRACING—Distributed tracing activities that occur to the account.
- INTEGRATION—User and system activities that occur to Micro-Integrations.
- APPLICATION_PROMOTION_REQUEST—User activities for application promotion requests in Event Portal
- IAM—User access activities that occur to the account.
- EVENT_ACCESS_REQUEST—User activities for event access requests in Event Portal.
- AGENT_MESH—User and system activities that occur to agent meshes.
- SERVICE—Service lifecycle and management activities that occur to the event broker services in the account.
- Username—Filter the logs based on a specific user in the account. Only users with the Administrator role can filter using this option.
- Status—Filter the logs based on the status of the activity (Successful, Failed, or In Progress).
- Event—Filter the logs based on the type of activity. The options in this list depend on the selected Category.
Downloading Audit Logs
You can download the audit logs as a JSON file. If you have selected filter criteria, the file includes only the entries that match the filters.
To download an audit log, perform these steps:
- On the navigation bar, click User & Account and select Account Details.
- Select the Audit Logs tab.
- (Optional) Apply filters to the audit logs.
- Click Download JSON.
The JSON file downloads to your computer.
Audit Log Reference
You may see the following audit logs in Solace Cloud:
The term messaging services in the audit logs refers to event broker services.
| Category | Event Type | Description |
|---|---|---|
|
AGENT_MESH |
AGENT_MESH_CREATE |
Agent Mesh Creation |
|
AGENT_MESH |
AGENT_MESH_UPDATE |
Agent Mesh Update |
|
AGENT_MESH |
AGENT_MESH_DELETE |
Agent Mesh Deletion |
|
AGENT_MESH |
AGENT_MESH_DEPLOY |
Agent Mesh Deployment |
|
AGENT_MESH |
AGENT_MESH_UNDEPLOY |
Agent Mesh Undeployment |
|
AGENT_MESH |
AGENT_MESH_UPGRADE |
Agent Mesh Upgrade |
|
AGENT_MESH |
AGENT_MESH_SSO_ENABLE |
Agent Mesh SSO Enable |
|
AGENT_MESH |
AGENT_MESH_SSO_DISABLE |
Agent Mesh SSO Disable |
|
APPLICATION_PROMOTION_REQUEST |
APPLICATION_PROMOTION_REQUEST_CREATED |
Application Promotion Request Created |
|
APPLICATION_PROMOTION_REQUEST |
APPLICATION_PROMOTION_REQUEST_REVIEWED |
Application Promotion Request Reviewed |
|
APPLICATION_PROMOTION_REQUEST |
APPLICATION_PROMOTION_REQUEST_APPROVED |
Application Promotion Request Approved |
|
APPLICATION_PROMOTION_REQUEST |
APPLICATION_PROMOTION_REQUEST_DECLINED |
Application Promotion Request Declined |
|
APPLICATION_PROMOTION_REQUEST |
APPLICATION_PROMOTION_REQUEST_DELETED |
Application Promotion Request Deleted |
|
DISTRIBUTED_TRACING |
DISTRIBUTED_TRACING_LIMIT_CHANGE |
Distributed Tracing Limit Change |
|
DISTRIBUTED_TRACING |
ENABLE_DISTRIBUTED_TRACING |
Enable Distributed Tracing |
|
DISTRIBUTED_TRACING |
DISABLE_DISTRIBUTED_TRACING |
Disable Distributed Tracing |
|
EVENT_ACCESS_REQUEST |
EVENT_ACCESS_REQUEST_APPROVED |
Event Access Request Approved |
|
EVENT_ACCESS_REQUEST |
EVENT_ACCESS_REQUEST_DECLINED |
Event Access Request Declined |
|
EVENT_ACCESS_REQUEST |
EVENT_ACCESS_REQUEST_DELETED |
Event Access Request Deleted |
|
IAM |
ENVIRONMENT_CREATE |
Environment Creation |
|
IAM |
ENVIRONMENT_DELETE |
Environment Delete |
|
IAM |
ENVIRONMENT_UPDATE |
Environment Update |
|
IAM |
GROUP_MAPPING_UPDATE |
Group-mapping Update |
|
IAM |
LOGIN |
User Login |
|
IAM |
LOGOUT |
User Logout |
|
IAM |
PASSWORD_CHANGE |
User Password Change |
|
IAM |
PASSWORD_RESET |
User Password Reset |
|
IAM |
RESOURCE_ASSIGNMENT |
Resource Assignment |
|
IAM |
ROLE_MAPPING_UPDATE |
Role-mapping Update |
|
IAM |
ROLE_UPDATE |
User Role Update |
|
IAM |
USER_CREATION |
User Creation |
|
IAM |
USER_CREATE_ORGANIZATION |
User Organization Creation |
|
IAM |
USER_DELETION |
User Deletion |
|
IAM |
USER_DELETE_ORGANIZATION |
User Organization Deletion |
|
IAM |
USER_ACTIVATION |
User Activation |
|
IAM |
UNKNOWN |
The event type could not be determined |
|
IAM |
USER_GROUP_ASSIGNMENT |
User Group Assignment |
|
IAM |
USER_GROUP_CREATE |
User Group Creation |
|
IAM |
USER_GROUP_DELETE |
User Group Delete |
|
IAM |
USER_GROUP_UPDATE |
User Group Update |
|
INTEGRATION |
MICRO_INTEGRATION_CREATE |
Micro-Integration Creation |
|
INTEGRATION |
MICRO_INTEGRATION_DELETE |
Micro-Integration Deletion |
|
INTEGRATION |
MICRO_INTEGRATION_UPDATE |
Micro-Integration Modification |
|
INTEGRATION |
MICRO_INTEGRATION_STATE_CHANGE |
Micro-Integration State Change |
|
INTEGRATION |
MICRO_INTEGRATION_LIMITS_UPDATED |
Micro-Integration Limit Updated |
|
INTEGRATION |
MICRO_INTEGRATION_UPGRADE_COMPLETE |
Micro-Integration Upgrade Completed |
|
MAINTENANCE |
MAINTENANCE_SCHEDULE_CREATED |
Maintenance Schedule Created |
|
MAINTENANCE |
MAINTENANCE_SCHEDULE_DELETED |
Maintenance Schedule Deleted |
|
MAINTENANCE |
MAINTENANCE_WINDOW_CREATED |
Maintenance Window Created |
|
MAINTENANCE |
MAINTENANCE_WINDOW_DELETED |
Maintenance Window Deleted |
|
MAINTENANCE |
MAINTENANCE_WINDOW_UPDATED |
Maintenance Window Updated |
|
SERVICE |
SERVICE_CREATE |
Messaging Service Creation |
|
SERVICE |
SERVICE_CLONE |
Messaging Service Clone |
|
SERVICE |
SERVICE_DELETE |
Messaging Service Deletion |
|
SERVICE |
ENABLE_DISTRIBUTED_TRACING |
Enable Distributed Tracing |
|
SERVICE |
DISABLE_DISTRIBUTED_TRACING |
Disable Distributed Tracing |
|
SERVICE |
SERVICE_FAILOVER |
Messaging Service Active Node Switch |
|
SERVICE |
SERVICE_LIMIT_CHANGE_REQUEST |
Messaging Service Limit Change Request |
|
SERVICE |
SERVICE_SCALEUP |
Messaging Service Scale Up |
|
SERVICE |
SERVICE_SEMP_BASIC_AUTH_TOGGLE |
Event Broker Service SEMP Basic Auth Toggle |
|
SERVICE |
SERVICE_SEMP_PASSWORD_CHANGE |
Messaging Service SEMP Password Change |
|
SERVICE |
SERVICE_SEMP_USER_CHANGE |
Messaging Service SEMP User Change |
|
SERVICE |
SERVICE_SHOW_PASSWORD |
Unmask password on Manage Service Settings |
|
SERVICE |
SERVICE_UPDATE |
Messaging Service Configuration Change |
|
SERVICE |
SERVICE_UPGRADE |
Messaging Service Upgrade |
|
SERVICE |
EVENT_BROKER_UPGRADE_CANCELLED |
Service upgrade canceled |
|
SERVICE |
EVENT_BROKER_UPGRADE_REQUESTED |
Service upgrade request |
|
SERVICE |
SERVICE_SWITCHOVER |
Active Messaging Node Switchover |