Audit Logs FAQ

FAQ on Audit Logs

Frequently asked questions on Audit Logs

Audit Logs provides visibility into user actions within a Site24x7 account for compliance and accountability. Here are a few common questions about Audit Logs answered.
  1. What is the difference between Audit Logs and Alert Logs in Site24x7?
    Audit Logs records user and system actions performed within your Site24x7 account, such as configuration changes, logins, and resource deletions. Alert Logs, on the other hand, captures notifications sent for monitoring events like threshold breaches and downtime notifications. Audit Logs is primarily used for accountability and compliance, while Alert Logs is used for incident tracking and response.
  2. Who can view Audit Logs?
    Audit Logs can be accessed by users with the Admin, Super Admin, or MSP Admin role. Custom role users can also access Audit Logs if they have been explicitly granted permission.
  3. Can I filter Audit Logs for a specific monitor or user?
    Yes. You can use the query-based filter to narrow down audit entries by fields such as Performed By, User ID, Resource Name, Monitor Name, Action, Source, IP Address, and more. This helps you isolate activity for a specific resource or user quickly.
  4. How far back can I search in Audit Logs?
    Audit activities from the last six months can be searched and filtered directly. To access data older than six months (up to 13 months), you must reindex the required date range before performing a search. Data older than 13 months is automatically removed.
  5. Can I export Audit Logs?
    Yes. You can export audit log data as a PDF or CSV directly from the query section. You can also email the results to yourself or your team.
  6. Can I get notified when a specific action is recorded in Audit Logs?
    Yes. You can create alert templates directly from the Audit Logs page to get notified when specific log conditions occur. Site24x7 also provides default quick templates for common scenarios, such as Recent Deletions, Recent Suspensions, Excessive Write Operations, Excessive API Requests, and User Activity.
  7. Can I see exactly what changed in a configuration update?
    Yes. Clicking any audit log entry opens a detailed panel that includes a side-by-side comparison of the old and new configuration parameters. You can use the Show changes only toggle to focus exclusively on the fields that were modified.
  8. Can I view Audit Logs for a specific monitor without navigating to the main Audit Logs page?
    Yes. You can access audit entries from the following pages:
    1. Direct navigation: Go to Admin > Operations > Audit Logs.
    2. From monitor detail pages: Go to Home > Monitors > select any monitor > Audit Logs.
    3. From Monitor Groups: Go to Home > Monitor Groups > select any monitor group > Audit Logs.
    4. From list and admin pages: On any monitor listing or admin configuration page, click the hamburger icon  next to a resource and select View Audit Logs to jump directly to audit entries for that resource.
    5. From Alarms: Go to Home > Alarms > Audit Logs.
    6. From Applogs: Go to Admin > Applogs > select the log type as Audit Logs.
    7. From other pages: You can access Audit Logs from other pages like Configuration Profiles and Dashboards. Click the hamburger icon  next to any resource on a listing page and select View Audit Logs.
  9. Can I add Audit Log data to a custom dashboard?
    Yes. You can create Audit Logs widgets on any custom dashboard by saving a search query and adding it as an AppLogs widget with the log type set to Audit Logs.
  10. Does Audit Logs capture actions performed via API or Terraform?
    Yes. The Source field in each audit entry identifies where the action originated—including the web console, mobile app, API, or Terraform—so API-driven and infrastructure-as-code changes are fully tracked and attributable.

    • Related Articles

    • Breakdown of the bulk action codes in the audit logs

      Use the below codes to read and understand the bulk actions in the audit logs: Bulk Action Codes Threshold Profile 0 Location Profile 1 Notification Profile 2 User Alert Groups 3 Check Frequency 4 IT Automation 5 Activate Monitor 6 Suspend Monitor 7 ...
    • Filtering Windows event logs before uploading

      You can filter Windows event logs in the agent side before uploading them to Site24x7. You can configure to eliminate the unwanted event IDs, so that you can skip them while uploading. You can set these field configuration while Adding a Log Type, or ...
    • Where are the Network Monitoring logs located?

      The default directories for installing the On-Premise Poller are: Windows: C:\Program Files(x86)\Site24x7OnPremisePoller Linux: /opt/Site24x7OnPremisePoller On-Premise Poller logs If you've installed the On-Premise Poller in the default directory ...
    • How to collect Applications and Services Logs from Windows event logs

      Site24x7 AppLogs uses the Windows Management Instrumentation (WMI) query on the Site24x7 Server Monitoring agent to fetch event logs. The WMI module requires the registry entry below to read the event logs from the Applications and Services Log ...
    • How to retrieve logs from server-agent-based monitors?

      If you have a Windows agent, you can use the following path to retrieve the agent logs: Go to the installation directory > Site24x7 > WinAgent > Monitoring > Logs If you have a Linux server, you can retrieve logs for your server agent by using the ...