Master Audit Log
The master Audit Log
is available to site administrators from the Admin Console
- Select Admin > Site > Admin Console.
- Click Audit Log.
- Use the dropdown to select the kind of activity to view. See below for detailed descriptions of each dropdown value.
The dropdown groups events as follows:
- Assay/Experiment events: Assay run import and deletion, assay publishing and recall.
- Attachment events: Adding, deleting, and downloading attachments on wiki pages and issues.
- Authentication Provider Configuration events: Enabling and disabling authentication providers, such as LDAP.
- Client API Actions: Errors raised by client API calls.
- Copy-to-Study Assay events: Events related to copying assay data into a study.
- Dataset events: Inserting, updating, and deleting datasets records. QC state changes.
- Domain events: Changes to column properties. Creating and deleting domains.
- File events: Changes to a file repository.
- Group events: The following group-related events are logged:
- Administrator created a group.
- Administrator deleted a group.
- Administrator added a user or group to a group.
- Administrator removed a user or group from a group.
- Administrator assigned a role to a user or group.
- Administrator unassigned a role from a user or group.
- Administrator renamed a group.
- Administrator configured a container to inherit permissions from its parent.
- Administrator configured a container to no longer inherit permissions from its parent.
- List events: Creating and deleting lists. Inserting, updating, and deleting records in lists.
- Logged sql queries: SQL queries sent to the database, including the date, the container, the user, and any impersonation information. Applies to SQL queries sent to the native database only; does not apply to external data sources. To log SQL queries from external data sources, see SQL Query Logging.
- Message events: Message board activity, such as email messages sent.
- Project and Folder events: Creation, deletion, renaming, and moving of projects and folders.
- Query export events: Query exports to different formats, such as Excel, TSV, and script formats.
- Query update events: Changes to SQL queries, such as inserting and updating records in the query.
- Sample Set events: Records inserted and updated in sample sets.
- Search: Text searches requested by users.
- Site Settings events: Changes to the site settings made on the "Customize Site" and "Look and Feel Settings" pages.
- Specimen Comments and QC: Comments and QC changes in specimen repositories.
- User events: All user events are subject to the 10 minute timer. For example, the server will skip adding user events to the log if the same user signs in from the same location within 10 minutes of their initial login. If the user waits 10 minutes to login again then the server will log it.
- User added to the system (via an administrator, self sign-up, LDAP, or SSO authentication).
- User verified and chose a password.
- User logged in successfully (including the authentication provider used, whether it is database, LDAP, etc).
- User logged out.
- User login failed (including the reason for the failure, such as the user does not exist, incorrect password, etc).
- User changed password.
- User reset password.
- User login disabled because too many login attempts were made.
- Administrator impersonated a user.
- Administrator stopped impersonating a user.
- Administrator changed a user's email address.
- Administrator reset a user's password.
- Administrator disabled a user's account.
- Administrator re-enabled a user's account.
- Administrator deleted a user's account.
Allowing Non-Admins to See the Audit Log
By default, only administrators can view audit log events and queries. If an administrator would like to grant access to read audit log information to a non-admin user or group, they can do so assigning the role "See Audit Log Events". For details see Security Roles Reference
Other event-specific logs are available in the following locations:
|Logged Event||Location of Log|
|Assays Copied to a Study||See Copy-To-Study History.|
|Datasets||Go to the dataset's properties page, click Show Import History. See Edit Dataset Properties.|
|ETL Jobs||See ETL: All Jobs History.|
|Files Web Part||See File Repository Administration.|
|Lists||See Manage Lists.|
|Project Users||Go to Admin > Folder > Project Users, then click History.|
|Queries (for external data sources)||See SQL Query Logging.|
|Site Users||Go to Admin > Site > Site Users, then click History.|
|All Site Errors||Go to Admin > Site > Admin Console and click View All Site Errors. Shows the current contents of the labkey-errors.log file from the TOMCAT_HOME/logs directory, which contains critical error messages from the main labkey.log file.|
|All Site Errors Since Reset||Go to Admin > Site > Admin Console and click View All Site Errors Since Reset. View the contents of labkey-errors.log that have been written since the last time its offset was reset through the Reset Site Errors link.|
|Primary Site Log File||Go to Admin > Site > Admin Console and click View Primary Site Log File. View the current contents of the labkey.log file from the TOMCAT_HOME/logs directory, which contains all log output from LabKey Server.|
Setting Audit Detail Level
You can set the level of auditing detail on a table-by-table basis, determining the level of auditing for insert, update, and delete operations. Option include:
- NONE - No audit record.
- SUMMARY - Audit log reflects that a change was made, but does not mention the nature of the change.
- DETAILED - Provides full details on what change was made, including values before and after the change.
When set to detailed, the audit log records the fields changed, and the values before and after. A Details
link appears in the audit log, linking to full information.
The audit level is set by modifying the metadata XML attached to the table. For details see Query Metadata: Examples