Skip to main content

View the system audit log

The System Audit Log is the operational record of who signed in, who changed accounts and roles, what settings were updated, and when the server started or stopped. Open it to investigate a sign-in problem, confirm an account change, or review configuration activity.

This is not the per-record change history for your domain data. To see who edited a Site, Sample, or Lab Report, use Activity Hub → Audit Log instead. The two logs live in separate databases and answer different questions — see Aggregates, locking, and auditing for the distinction.

Before you start
  • Role required: Administrator. The System Audit Log opens only for the Administrator role.

Steps

  1. Go to Administration → System Audit Log. The page opens to the most recent events, newest first.

  2. Read the grid. Each row is one event with these columns:

    ColumnWhat it shows
    TimeWhen the event occurred
    CategoryThe event group — for example Authentication or Configuration
    EventThe specific event type, such as Login or Setting Updated
    ResultThe outcome — Success, Failure, Blocked, Timeout, Partial Success, or Unknown
    UserThe actor (display name, falling back to the user ID)
    DescriptionA one-line summary of what happened
  3. Select any row to open the full entry. The detail view adds the IP address, user agent, request ID, correlation ID, affected entity, structured additional data, and error details when present.

  4. Sort, search, and export from the grid toolbar. Sorting, the search box, and paging all run on the server, so they apply across the whole log — not just the rows on screen. Export downloads the full filtered set as XLSX or CSV. The grid shows Time in your local time zone; the exported Time (UTC) column is in UTC, so the file reads consistently wherever it is opened.

Filter the log

The grid loads events on demand from the server and pages through the entire log — there is no row cap, so older events are always reachable by paging or filtering. Use the toolbar page-size selector to change how many rows load at a time. Use the filter to scope the feed before you page or search.

  1. Select Filters in the grid toolbar. The Filter Audit Log dialog opens.

  2. Set any of these criteria:

    FieldWhat to enter
    CategoryOne event group (see the table below)
    ResultOne outcome value
    EventOne specific event type
    User IDAn exact user ID match
    From / ToThe start and end of a date range
    Failures only (Failure, Blocked, Timeout)Limit to non-success events
  3. Select Apply. Active filters appear as chips above the grid; remove one with its ×, or select Clear all to reset.

Event categories

The System Audit Log groups events into categories. In this release, Erde records events in four of them; the remaining categories are reserved and stay empty until their features ship.

CategoryRecords in this release
AuthenticationSign-in and sign-out, password changes and resets, account lock and unlock, token revocation and misuse, and single sign-on events
User ManagementCreating, updating, and deleting users; assigning and removing roles; admin password resets; and users updating their own profile
ConfigurationSystem setting updates and rejected setting changes (encrypted values are recorded as [REDACTED])
SystemServer start and shutdown, and completion of first-run setup
Database ManagementReserved — no events yet
SecurityReserved — no events yet
Background TasksReserved — no events yet
MaintenanceReserved — no events yet
Backup ManagementReserved — no events yet

Result

You see the matching events newest first. Each row identifies the actor, the event, and its outcome; selecting a row opens the full entry, including the originating IP address and request and correlation IDs for tracing.

Troubleshooting

SymptomCauseResolution
The page does not appear under AdministrationYou are not an AdministratorThe System Audit Log is Administrator-only; sign in with an account that has the Administrator role
There are more events than fit on one pageThe log is largeMove through pages with the pager, or narrow the date range or add a Category, Event, or Result filter; the grid pages the full log server-side, so nothing is hidden