Audit logs

Overview

Audit logs for your team that manages operations help the IT administrators and Atlassian support teams troubleshoot integrations and issues related to configuration changes. Audit logs are accessible to only the admins (organization, site, or product). If you’re a team admin, contact the admin for your organization, site, or product for access permissions.

Audit logs is the best place to go to view all the incoming data related to your integrations and configuration updates or if you’re having trouble with your integrations for your team that’s managing operations.

Troubleshooting integration data flows follows this pattern:

  • Check the logs of the originating system to verify that a request is made.

  • Check the audit logs to verify that the request is received.

  • If the request is received, look into how it was processed.

  • If the request isn’t received, check the configuration on the sender’s side.

Detailed versions of alert activity events are available in the alert activity logs.

Audit logs are maintained, by default, for 180 days.

Understanding audit logs

Audit logs capture and provide key information on the activities and their outcomes. They are broadly categorized into two groups and further into sub-categories.

Log categories

The log category tells you whether the record relates to a notification, alert, integration, etc.

Jira Service Management System Actions: Captures information about system-originated actions (incoming data and automation).

Jira Service Management User Actions: Captures information about user-originated activity in the following areas. For example, configuration changes at a product or integration level, project settings, assets (global schemas, reference, status, icons), etc. The following isn’t an exhaustive list, but it gives you an idea of what is covered.

  • Alerts

  • API

  • Integrations

  • Emails

  • Heartbeats

  • Notifications

  • On-call schedules

An activity could be a create/change/delete action taken in relation to any of these entities.

Category

For logging ..

Category

For logging ..

Integration

Changes related to integrations

Alert and alert action

Changes related to alerts and alert actions

API request

Changes related to API payloads

Email request

Changes related to email workflows

Config change

Changes related to configuration

Notification

Changes related to notifications

Log levels

There are three logging levels available in audit logs:

  • INFORMATION (including DEBUG and TRACE): The most verbose logging. Indicates what’s generally happening in the environment.

  • WARNING: The default level. Indicates that something may have gone wrong or other messages an admin might be interested in.

  • ERROR (includes FATAL): The least verbose logging. Indicates that something has gone wrong in the environment.

Log attributes and examples

The following table lists the primary log attributes every log entry comprises and provides examples for each:

Attribute

Example

Attribute

Example

Timestamp and timezone

Mar 08, 2023 16:24 GMT+5:30

Category

Integrations, Alerts, Configuration changes

Activity summary

[outgoing][alert] Received integration request with event ID: [a4a89a81-386c-489b-a897-a1bd72035884], but there are integration(s) that are turned off.

[alertAction] User [xyz@mysite.com] is added as a responder via web.

Log level

INFORMATION

WARNING

ERROR

Logs in JSON format