Using Audit Logs

The Audit Logs provide records of user activity for security and compliance for your PubSub+ Cloud enterprise account. You can view, monitor, and track the sequence of the following activities in the console:

  • IAM operations such as user login
  • User management activities such as user activation or role changes
  • Service lifecycle events such as event broker service creation or deletion

You can modify the scope of the audit log entries that are displayed by applying filters and customizing the columns. You can also download the audit logs to your workstation. The audit logs are retained in the console for six months; records older than six months are automatically deleted.

It's important to recognize that audit logs cover account-level activity and are not used for monitoring event broker services. If you are looking for logs that contain information about event broker services, you can either:

  • Use PubSub+ Insights, which collects metrics and provides useful visualizations of event broker services. For more information, see PubSub+ Insights Overview.
  • Forward the logs from the event broker service to a server or an external log monitoring system that you control. For more information, see Forwarding Logs to an External System.
  • For more information about audit logs, see

Who Can Access the Audit Logs?

Administrators

Administrators can access the audit logs for the whole organization. They can view and track actions performed by all users and understand "who did what, where, and when?" within the enterprise account. Administrators can download the audit logs of any user within the organization to their workstation.

All users (Non-admins)

All non-admin users can access only their own audit logs. Individual users can monitor and track their own audit logs, and download them to their workstation.

 

Viewing Audit Logs

You can view the audit logs in the Account Details section in the console. You can also filter the audit logs based on filter criteria that you provide.

To access the audit logs:

  1. Log in to the PubSub+ Cloud Console if you haven't already.
  2. On the navigation bar, click User & Account and select Account Details.
  3. Select the Audit Logs tab and you will see the default list view that shows:
    • the date and time of the occurrence
    • the unique event ID for each entry
    • the event category (IAM or Service)
    • the type of event
    • the information of the user who performed the activity
    • the IP address of the device used to connect to the console
    • the time taken to complete the activity

    Use the filter to change the scope of the entries to display.

  4. Click an audit log entry to display an additional description. The information panel contains descriptions to help you make the most of your audit log data.

Filtering Audit Logs

All the audit log entries for the past week are displayed by default. Administrators can see the audit log entries of all the users within the enterprise account. Using the filter, you can specify the fields that are displayed on the UI.

To apply filters, do the following:

  1. Log in to the PubSub+ Cloud Console if you haven't already.
  2. On the navigation bar, click User & Account and select Account Details.
  3. Select the Audit Logs tab and click Show Filters to expand the options.

  4. From the available options, you can apply the following filters:
    • Time Range—select from the last hour to last month
    • Category—select IAM or Service; based on this selection, relevant filter options will be accessible in the Event field.
    • Username—administrators can filter the audit logs of a specific user.
    • Status—choose the status of the activity (Successful, Failed, or In progress).
    • Event—filter by a specific event. This option will be accessible based on the Category selected (IAM or Service).
  5. Once you've set the filters, click Apply to filter the logs; otherwise click Discard Changes.

You can repeat steps 4-5 to further filter the logs, or click a filter criterion to remove it.

Managing Column List View

Use Manage Columns to add or remove columns from the audit log entries.

  1. Log in to the PubSub+ Cloud Console if you haven't already.
  2. On the navigation bar, click User & Account and select Account Details.
  3. Select the Audit Logs tab, and then on the table, click Manage Columns. This opens a menu with the list of fields that you can select to appear in the table.
  4. Select or deselect the checkbox to show or hide a column from the table, respectively. The columns you choose are automatically saved.

Downloading Audit Logs

You can download the audit logs as a JSON file. The downloaded file contains all the records that match the criteria selected. If no filter criteria are selected, all the entries for the last week are downloaded.

To download a filtered audit log, do the following:

  1. Log in to the PubSub+ Cloud Console if you haven't already.
  2. On the navigation bar, click User & Account and select Account Details.
  3. Select the Audit Logs tab.
  4. (Optional) Apply filters to the audit logs. See Filtering Audit Logs for the steps.
  5. Click Download JSON.

The JSON file will be downloaded to your computer.
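
Because the console keeps records for only six months and an unfiltered download covers the last week, periodic downloads can be merged into a local archive and reviewed offline. The following is an added example, not part of the product documentation: it de-duplicates overlapping exports on the unique event ID and counts failed IAM events per user and IP address. The JSON key names, the timestamp format, and the sample records are assumptions, since the page does not show the export schema.

```python
import json
from collections import Counter

# ASSUMED key names: the page lists the columns but not the JSON schema,
# so edit this mapping to match the keys in a real export.
F = {"id": "eventId", "time": "timestamp", "category": "category",
     "status": "status", "user": "username", "ip": "ipAddress"}

def load(path):
    """Read one downloaded export (assumed to be a top-level JSON array)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

def merge_exports(archive, export):
    """Add an export to the archive, keeping one record per unique event ID."""
    merged = {rec[F["id"]]: rec for rec in archive}
    for rec in export:
        merged.setdefault(rec[F["id"]], rec)
    # ISO 8601 UTC strings (assumed format) sort chronologically as text.
    return sorted(merged.values(), key=lambda r: r[F["time"]])

def failed_iam_counts(records, threshold=3):
    """Map (user, ip) -> number of failed IAM events, at or above threshold."""
    counts = Counter((r[F["user"]], r[F["ip"]]) for r in records
                     if r[F["category"]] == "IAM" and r[F["status"]] == "Failed")
    return {key: n for key, n in counts.items() if n >= threshold}

def _rec(eid, ts, cat, status, user, ip):
    """Build one constructed record using the assumed key names."""
    return dict(zip(F.values(), (eid, ts, cat, status, user, ip)))

# Constructed sample records standing in for two overlapping weekly downloads.
WEEK1 = [
    _rec("e1", "2024-05-01T10:00:00Z", "IAM", "Failed", "alice@example.com", "203.0.113.7"),
    _rec("e2", "2024-05-01T10:01:00Z", "IAM", "Failed", "alice@example.com", "203.0.113.7"),
    _rec("e3", "2024-05-02T09:00:00Z", "Service", "Successful", "bob@example.com", "198.51.100.4"),
]
WEEK2 = [
    WEEK1[2],  # the same entry appears in both downloads
    _rec("e4", "2024-05-08T10:02:00Z", "IAM", "Failed", "alice@example.com", "203.0.113.7"),
    _rec("e5", "2024-05-09T11:00:00Z", "IAM", "Failed", "carol@example.com", "198.51.100.9"),
]
ARCHIVE = merge_exports(WEEK1, WEEK2)

if __name__ == "__main__":
    print(len(ARCHIVE), failed_iam_counts(ARCHIVE))
```

Neither weekly file alone reaches the threshold for any user; the repeated failures only become visible once the exports are merged.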