On the Audit page, you can explore audit logs. Audit logs are also searchable on the Search page, and you can view Audit logs in every compartment by selecting the /_Audit log group on the Search page. For an overview of Audit, see Overview of Audit.
This page replaces the classic Audit page features found in the Governance & Administration portion of the Console, which will eventually be deprecated. As a result, a new and improved Audit experience is now part of Oracle Cloud Infrastructure Logging, and we recommend you use this latest version of Audit instead.
Required Permissions for Audit Logs
Filtering Audit Logs
To filter Audit logs:
- Open the navigation menu and click Observability & Management. Under Logging, click Audit. The list of audit logs in the current compartment is displayed.
- Choose a compartment you have permission to work in.
- In User, add user filters. Multiple users can be added.
- In Resource, add resource filters. Multiple resources can be filtered on.
- In Request Action Types, select an action
Multiple request action types can be filtered on.
- In Event Type, add event filters. Multiple event filters can be added.
- In Custom Filters, start typing to automatically
display filter settings, along with operators. For example, entering
d displays filters starting with that letter. Use
the up or down arrow keys to select from the list, or continue typing to
enter what you want to filter on. This functions the same as this field on
the Logging Search page.Note
If you want to find log events with a specific status code, include quotes (") around the code to avoid results that have those numbers embedded in a longer string.
- In Filter by Time, select from one of the preset time
- Past 5 Minutes (the default)
- Past 15 Minutes
- Past Hour
- Past 3 Hours
- Custom (choose your own using the Start Date and End Date fields)
- After entering your search text or filters, click
Since the Audit page automatically refreshes after applying filters, you do not need to click the Apply button as you select different filters. You will, however, need to click Apply again after some time has passed and new logs have appeared.
The Convert to search option allows viewing your Audit Log results in the Search page, to further search and perform analysis across other logs in the system. When you use this option, the Advanced Search version of the Search page is filled with the chosen filter parameters (available in the Query field).
Click View query syntax to view the actual syntax query statement(s) associated with your filter settings. If you have applied multiple filters for a field, you can view how the query is constructed in terms of the combined OR and AND statements.
Exploring the Details of Events
On the Explore Events tab, each log entry is organized in terms of the Event Time, User, Resource, Type, Action, and Status. Click and expand an audit log entry. Each entry displays the log data in a JSON field view, similar to the Search page, where you can collapse and expand nodes, or click the copy icon to copy the log entry to the clipboard.
At the top right portion of Explore Events, click Export Log Data (JSON). This feature allows you to export the log data to a JSON file that you can save to your system.
Viewing the Activity Stream
Click the Activity Stream tab to view the audit logs as a visual sequential list (by date, from newest to oldest log event). You click and expand an event to display the event in JSON format, and you can click the copy icon to copy the audit event to the clipboard.
Exporting Audit Events
Audit events can be exported using Service Connector Hub.
See Version 2 Audit Log Schema for more information on the audit logging schema.