View system activities

This topic describes the system activities functionality in the Audit service.

Overview

System and tenant administrators, as well as auditors, need an easy way to view system events and their details. The Activities page in the Audit service enables viewing events such as user access, user activities, time and date of these activities, and other relevant data.

This information is helpful for internal purposes such as troubleshooting, analyzing failures, identifying suspicious activities, and performing forensic investigations.

System activity information is also needed as a record of proof and accountability, and to demonstrate compliance with external certification programs.

View general audit information

You can see the following information on the Activities page:

General information about system activities

| Item | Description |
| --- | --- |
| Timestamp | Time that the activity was written. |
| Event | The activity that was performed by the user, service, or application. |
| User | The name of the user, service, or application that performed the activity. |
| Action | The type of activity that was performed, from a closed list. |
| Service | The service that sent the event. |

To refresh the view, click the refresh icon above the table on the right.

Filter and search

You can view activities for the last day, week, or month, or you can define a custom date and time range.

You can search by event, username, or service using free text.

View specific event details

To drill through and view additional details for an event, click its row in the table. The following additional information is displayed.

System activity event details

| Item | Description |
| --- | --- |
| General details | |
| Event | Activity that was performed by the user, service, or application. |
| Description | Description of the activity that occurred. |
| Event source | Source IP address of the user, service, or application that triggered the event. |
| Event target | Target IP address of the user, service, or application that received the event. |
| Username | Name of the user, service, or application that performed the event. |
| User ID | User ID of the user, service, or application that performed the event. |
| Specific event details | |
| Command | (CLI only) Command that triggered the event. |
| Custom data | You may see one or more additional fields depending on the event and service. This information is dynamic. |