Audit Logs

To see history of actions that are performed on certain objects, administrators can access audit log files.
To see history of actions that are performed on certain objects, administrators can access audit log files.
Audits are guaranteed to be stored for a maximum period of 90 days. Any audits older than 90 days may be deleted. We recommend that you export the audit logs before the expiry period.
The following table shows the objects that are audited for the recorded events:
Object audited
Recorded event
API
Created, Updated, Deleted
Application
Created, Updated, Deleted
Organization
Created, Updated, Deleted
API EULA
Created, Updated, Deleted
API Plan
Created, Updated, Deleted
Account Plan
Created, Updated, Deleted
Custom Field
Created, Updated, Deleted
User
Created, Updated, Deleted, Login Success, Login Failed
Administrators can:
View Audit Logs 
As an administrator, you can access data for the audited objects within Portal.
Follow these steps:
  1. In the dashboard, select
    Administration
    .
  2. Select 
    Audit Logs
    .
    The Audit Logs page opens. By default, the latest audit logs appear at the top of the list. 
  3. You can sort by any column except for the
    Agent
    column:
    • Time (UTC)
    • Object
      - Shows the entity for the log entry
    • Object Name
    • Action
      - Shows options:
      Created
      ,
      Updated
      ,
      Deleted
      ,
      Login Success
      ,
      Login Failed
      .
    • User
      - The username of the user who performed the action. A user value
      Portal API
      , means that the audit event was created through a Portal API call. A user value
      Registration Service
       shows for users that are not yet registered in Portal. 
    • Agent
      - Shows where the action originated (Mozilla, Python, Chrome, and so on), or CA API Gateway.
The following image shows examples of log entries:
Portal Audit Logs.png
View, Filter, and Sort Audit Logs Using an API Call
Follow these steps:
  1. In the dashboard, select 
    Portal API
    .
  2. From the 
    API
     drop-down list, select 
    Portal API
    .
    A list of Portal APIs shows.
  3. Select 
    Auditing: View and filter audit logs
    .
  4. Select the 
    /tenant-admin/1.0/audits
    endpoint.
  5. (Optional): Enter the start time (
    startTs
    ) and end time (
    endTs
    ) parameters. 
    Note:
    Enter the UNIX Epoch timestamp in milliseconds.
    Example:
     1539707873000.
  6. (Optional): To filter the results, enter a value for the parameter field that you want to filter by. 
    For example, to see only audit events for the entity type "Application", enter value "Application" in the 
    entityType 
    parameter field.
    The following list shows available
    entityType
    options:
    • API
    • Application
    • Organization
    • API EULA
    • API Plan
    • Account Plan
    • User
    • Custom Field
  7. (Optional): Enter the value for the
    size
    parameter. The default value is 10. The maximum value is 2000. 
  8. (Optional): To sort the results, add a custom parameter. See Add a Custom Parameter for /tenant-admin/1.0/audits.
  9. Select
    Submit
    .
A list of audit logs is returned. 
Add a Custom Parameter for 
/tenant-admin/1.0/audits
optional.png
Add a custom parameter to sort results.
Follow these steps:
  1. Go to 
    Portal API
    Auditing: View and filter audit logs
    .
  2. Select the 
    /tenant-admin/1.0/audits 
    endpoint.
  3. Select
    Add Parameter
  4. In the
    Parameter
    column, enter
    sort
    .
  5. In the
    Value
    column, enter the value that you want to sort by. 
    Example:
     To sort by 
    entityType
    , enter value
    entityType,ASC
     for ascending order or 
    entityType,DESC 
    for descending order. If no sort field is specified, the default is ASC. The most recent audits are displayed first.
    Note:
     Sorting by "simplified agent" is not available at this point.
  6. Select 
    Submit
    .
A list of audit logs sorted by entityType in ascending or descending order is returned.
Export Audit Logs Using an API Call
Follow these steps:
  1. In the dashboard, select 
    Portal API
    .
  2. From the 
    API
     drop-down list, select 
    Portal API
    A list of Portal APIs shows.
  3. Select 
    Auditing: View and filter audit logs
    .
  4. Select the 
    /tenant-admin/1.0/audits/export 
    endpoint.
  5. Enter the start time (
    startTs
    ) and end time (
    endTs
    ) parameters. 
    Note:
     Enter the UNIX Epoch timestamp in milliseconds. Example: 1539707873000. The maximum range for query data is 90 days.
  6. Select the format of the exported document:
    • CSV
    • JSON
  7. (Optional): To add custom parameters, see Add a Custom Parameter for /tenant-admin/1.0/audits/export.
    Size and page parameters are not available for this endpoint. 
  8. Select
    Submit
    .
A download link with an exported list of audit logs is returned. The export file is .zip regardless of the format selected.
Add a Custom Parameter for /tenant-admin/1.0/audits/export  optional 2.png
For the Auditing Portal API, you can add custom parameters to filter results.
Following are the available custom parameters to filter by:
  • entityType
  • entityName
  • action
  • userName
Follow these steps:
  1. Go to 
    Portal API
    Auditing: View and filter audit logs
    .
  2. Select the 
    /tenant-admin/1.0/audits/export 
    endpoint.
  3. Select 
    Add Parameter
  4. In the 
    Parameter
     column, enter, for example, 
    action
    .
  5. In the 
    Value
     column, enter the value that you want to filter by, for example,
    Created
    .
  6. Select 
    Submit
    .
A list of audit logs filtered by action "Created" is returned.
For more details about APIs for audit logs, see the 
Auditing
 Swagger JSON file in Portal API (PAPI)