All Collections
Advanced usage
Audit log event description
Audit log event description
Jordi Giménez avatar
Written by Jordi Giménez
Updated over a week ago

For certain actions concerning an account, or personal or otherwise sensitive data, logs are stored with useful information such as:

  • Time: the time when the action took place

  • IP Address: IP address of the user

  • User ID: user information such as name and email (with "sudo" in the end, if done by customer support)

  • Event Type: the code of the event

  • Resource ID: event-related information such as user, app, team, or device IDs

  • Details: additional event information such as contents that were updated, action, and filters used in action

Event Type

Resource ID

Description

Details

user.register

user:userID

the user signed up

userEmail or "github:github"

user.login

user:userID

the user logged in

userEmail or "saml:saml" or "github:github" (",2FA" in the end if 2fa login)

user.logout

user:userID

the user logged out

-

user.passwordreset

user:userID

the user reset their password

-

user.2fa.securitykey.add

user:userID

2-factor-authentication "security key" was added

keyID

user.2fa.securitykey.remove

user:userID

2-factor-authentication "security key" was removed

keyID

user.2fa.totp.enable

user:userID

2-factor-authentication "Time-based one-time password" was enabled

-

user.2fa.totp.disable

user:userID

2-factor-authentication "Time-based one-time password" was disabled

-

user.2fa.sms.enable

user:userID

phone number was attached to the account

phoneNumber

user.2fa.sms.disable

user:userID

phone number was detached from the account

-

team.members.remove

team:teamID

a member was removed from the team

userID

team.members.remove

app:appID

a member was removed from a specific app inside the team

userID

team.members.invite

team:teamID

a member was invited to the team

"userEmail(role)"

team.members.invite

app:appID

a member was invited to a specific app inside the team

"userEmail(role)"

team.members.join

team:teamID

someone accepted an invite and became a member of the team

-

team.members.role

app:appID:user:userID

the role of a member in an app was changed

role

team.members.role

team:teamID:user:userID

the role of a member in a team was changed

role

team.plan.change

team:teamID

the team plan was upgraded or downgraded

planName

device.search

app:appID

a search was done in the "DEVICE CONFIG" tab

json of the device filter

device.log.search

app:appID

a device search done in the "LOGS" tab (Per Device Mode)

json of the device log filters

device.log.search

app:appID:device:deviceID

a device log search was done in the "LOGS" tab (Per Device Mode)

json of the device log filters

device.log.search

app:appID:device:*

a search was done over all devices in the "LOGS" tab (All Logs Mode)

json of the device log filters

device.log.enabled

app:appID:device:deviceID

enabled or disabled logging for a specific device in the "DEVICE CONFIG" tab

"enabled" or "disabled"

device.log.enabled

app:appID:device:multiple

enabled or disabled logging for multiple devices in the "DEVICE CONFIG" tab

json of the filter used to select multiple devices, and an 'Action' field that holds: "enabled" or "disabled"

device.data.erasure

app:appID:device:deviceID

a device was blocked or unblocked (after blocking, erasure happens in the background)

"blocked" or "unblocked"

Activity log retention

We retain activity logs for 1 year.

Did this answer your question?