Audit Logs

On the Audit page, you can explore audit logs. Audit logs are also searchable on the Search page, and you can view Audit logs in every compartment by selecting the /_Audit log group on the Search page. For an overview of Audit, see Overview of Audit.

Note

This page replaces the classic Audit page features found in the Governance & Administration portion of the Console, which will eventually be deprecated. The new and improved Audit experience is now part of Oracle Cloud Infrastructure Logging, and we recommend that you use this latest version of Audit instead.

Required Permissions for Audit Logs

To view and search Audit logs, you must have the corresponding Audit-related permissions. See Details for the Audit Service and Required Permissions for Searching Logs for more information.

Filtering Audit Logs

To filter Audit logs:

  1. Open the navigation menu and click Observability & Management. Under Logging, click Audit. The list of audit logs in the current compartment is displayed.
  2. Choose a compartment you have permission to work in.
  3. In User, add user filters. Multiple users can be added.
  4. In Resource, add resource filters. Multiple resources can be filtered on.
  5. In Request Action Types, select an action operation:
    • GET
    • POST
    • PUT
    • PATCH
    • DELETE

    Multiple request action types can be filtered on.

  6. In Event Type, add event filters. Multiple event filters can be added.
  7. In Custom Filters, start typing to automatically display filter settings, along with operators. For example, entering d displays filters starting with that letter. Use the up or down arrow keys to select from the list, or continue typing to enter what you want to filter on. This field works the same way as the corresponding field on the Logging Search page.
    Note

    If you want to find log events with a specific status code, include quotes (") around the code to avoid results that have those numbers embedded in a longer string.
  8. In Filter by Time, select from one of the preset time periods:
    • Past 5 Minutes (the default)
    • Past 15 Minutes
    • Past Hour
    • Past 3 Hours
    • Today
    • Custom (choose your own using the Start Date and End Date fields)
  9. After entering your search text or filters, click Apply.
    Note

    Because the Audit page automatically refreshes after filters are applied, you do not need to click the Apply button as you select different filters. You will, however, need to click Apply again after some time has passed and new logs have appeared.

The Convert to search option lets you view your Audit log results in the Search page, where you can search further and perform analysis across other logs in the system. When you use this option, the Advanced Search version of the Search page is filled with the chosen filter parameters (available in the Query field).

Click View query syntax to view the actual syntax query statement(s) associated with your filter settings. If you have applied multiple filters for a field, you can view how the query is constructed in terms of the combined OR and AND statements.

Exploring the Details of Events

On the Explore Events tab, each log entry is organized in terms of the Event Time, User, Resource, Type, Action, and Status. Click and expand an audit log entry. Each entry displays the log data in a JSON field view, similar to the Search page, where you can collapse and expand nodes, or click the copy icon to copy the log entry to the clipboard.

To export log data

At the top right portion of Explore Events, click Export Log Data (JSON). This feature allows you to export the log data to a JSON file that you can save to your system.
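
The following added example (not Oracle's code) filters an exported file offline. It assumes that values listed for one field are combined with OR and different fields with AND, and it models an unquoted status-code search as a plain substring match to show why it over-matches. The sample entries and the field paths data.identity.principalName, data.request.action and data.response.status are assumptions modelled on the Version 2 audit schema; check them against your own export.

```python
import json

# Constructed sample standing in for an exported file. The layout is an
# assumption modelled on the Version 2 audit schema, not a real export.
SAMPLE_EXPORT = json.dumps([
    {"data": {"identity": {"principalName": "alice@example.com"},
              "request": {"id": "req-0001", "action": "DELETE"},
              "response": {"status": "404"}}},
    {"data": {"identity": {"principalName": "bob@example.com"},
              "request": {"id": "req-94041", "action": "GET"},
              "response": {"status": "200"}}},
    {"data": {"identity": {"principalName": "alice@example.com"},
              "request": {"id": "req-0003", "action": "PUT"},
              "response": {"status": "200"}}},
])

def field(entry, dotted):
    """Walk a dotted path such as 'data.request.action'; None if absent."""
    for key in dotted.split("."):
        if not isinstance(entry, dict) or key not in entry:
            return None
        entry = entry[key]
    return entry

def matches(entry, filters):
    """AND across fields, OR across the values listed for one field."""
    return all(str(field(entry, path)) in {str(v) for v in values}
               for path, values in filters.items())

def filter_events(export_text, filters):
    """Return the exported entries that satisfy every field filter."""
    return [e for e in json.loads(export_text) if matches(e, filters)]

def loose_text_hits(export_text, needle):
    """Substring search over each whole entry (simplified unquoted search)."""
    return [e for e in json.loads(export_text) if needle in json.dumps(e)]

if __name__ == "__main__":
    exact = filter_events(SAMPLE_EXPORT, {"data.response.status": ["404"]})
    loose = loose_text_hits(SAMPLE_EXPORT, "404")
    # The loose search also returns the entry whose request id contains 404.
    print(len(exact), "exact status match;", len(loose), "substring matches")
```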

Viewing the Activity Stream

Click the Activity Stream tab to view the audit logs as a visual sequential list (by date, from newest to oldest log event). Click and expand an event to display it in JSON format, or click the copy icon to copy the audit event to the clipboard.

Exporting Audit Events

Audit events can be exported using Service Connector Hub.

Audit Schema

See Version 2 Audit Log Schema for more information on the audit logging schema.