On the Audit page, you can explore audit logs. Audit logs are also searchable on the Search page, and you can view Audit logs in every compartment by selecting the /_Audit log group on the Search page.
For an overview of Audit, see Overview of Audit.
This page replaces the classic Audit page features found in the Governance & Administration portion of the Console, which will eventually be deprecated. As a result, a new and improved Audit experience is now part of Oracle Cloud Infrastructure Logging, and we recommend that you use this latest version of Audit instead.
Required Permissions for Audit Logs
To view and search Audit logs, you must have the corresponding Audit-related permissions. For more information, see Details for the Audit Service and Required Permissions for Searching Logs for more information.
Filtering Audit Logs
- Open the navigation menu and click Observability & Management. Under Logging, click Audit. The list of audit logs in the current compartment is displayed.
- Choose a compartment you have permission to work in.
- Under User, add user filters. You can select multiple users.
- Under Resource, add resource filters. You can filetr multiple resources.
- Under Request action types, select an action operation:
You can filter multiple request action types.
- Under Event type, add event filters. You can select multiple event filters.
- Under Custom filters, start typing to automatically display filter settings, along with operators. For example, entering d displays filters starting with that letter. Use the up or down arrow keys to select from the list, or continue typing to enter what you want to filter on. This action functions the same as this field on the Logging Search page.Note
If you want to find log events with a specific status code, include quotes (") around the code to avoid results that have those numbers embedded in a longer string.
- Under Filter by time, select from one of the preset time periods:
- Past 5 minutes (the default)
- Past 15 minutes
- Past hour
- Past 3 hours
- Custom (choose your own using the Start Date and End Date fields)Note
Only a 14-day range is available when performing a Custom search.
- After entering your search text or filters, click Apply.Note
Because the Audit page automatically refreshes after applying filters, you don't need to click the Apply button as you select different filters. However, you must click Apply again after some time has passed and new logs have appeared.
The Convert to search option allows you to view your Audit Log results in the Search page, to further search and perform analysis across other logs in the system. When you use this option, the Advanced Search version of the Search page is filled with the chosen filter parameters (available in the Query field).
Click View query syntax to view the actual syntax query statements associated with your filter settings. If you have applied multiple filters for a field, you can view how the query is constructed in terms of the combined OR and AND statements.
Exploring the Details of Events
On the Explore events tab, each log entry is organized in terms of the Event Time, User, Resource, Type, Action, and Status. Click and expand an audit log entry. Each entry displays the log data in a JSON field view, similar to the Search page, where you can collapse and expand nodes, or click the copy icon to copy the log entry to the clipboard.
To export log data, in Explore events, click Export Log Data (JSON). This feature allows you to export the log data to a JSON file that you can save to your system.
Viewing the Activity Stream
Click the Activity stream tab to view the audit logs as a visual sequential list (by date, from newest to oldest log event). You click and expand an event to display the event in JSON format, and you can click the copy icon to copy the audit event to the clipboard.
Exporting Audit Events
You can export audit events using Connector Hub.
For more information on the audit logging schema, see Version 2 Audit Log Schema.