|
| 1 | +--- |
| 2 | +title: View Organization Audit Logs in Cloud Console |
| 3 | +summary: Learn about viewing CockroachDB Cloud organization audit logs in the Cloud Console. |
| 4 | +toc: true |
| 5 | +docs_area: manage |
| 6 | +cloud: true |
| 7 | +--- |
| 8 | + |
| 9 | +CockroachDB {{ site.data.products.cloud }} captures audit logs when many types of events occur, such as when a cluster is created or when a user is added to or removed from an organization. |
| 10 | + |
| 11 | +## Why audit logs matter |
| 12 | +For organization administrators, security teams, and compliance officers, audit logs provide critical insights into system activities. These logs are essential for: |
| 13 | +- Tracking user role changes (e.g., identifying when and by whom an Admin role was assigned) |
| 14 | +- Investigating cluster costs (e.g., determining who created a cluster and when) |
| 15 | +- Understanding IP allowlisting changes (e.g., identifying why and by whom an IP address was added) |
| 16 | +- Verifying cluster deletions (e.g., ensuring deletions were intentional, prompted by alerts) |
| 17 | +- Diagnosing performance issues (e.g., tracking configuration changes affecting performance) |
| 18 | +- Analyzing security threats (e.g., investigating failed login attempts and suspicious activity) |
| 19 | +- Reviewing maintenance schedule changes (e.g., tracking modifications to maintenance windows) |
| 20 | + |
| 21 | +## View audit logs |
| 22 | + |
| 23 | +1. Navigate to the [CockroachDB Cloud Console](https://cockroachlabs.cloud/) and log in as an account with the [Organization Admin role]({% link cockroachcloud/authorization.md %}#org-administrator). |
| 24 | +1. Select **Organization** » **Audit Logs** from the top navigation bar dropdown. This will bring you to the **Audit Logs** page, which shows a (possibly empty) list of audit logs. |
| 25 | + |
| 26 | +## Filter audit logs |
| 27 | +Filter the audit logs by the following fields: |
| 28 | + |
| 29 | +- **Time Range (UTC)**: |
| 30 | + - Default: Last 48 hours. |
| 31 | + - To set the time range, click on the **Start date** or **End date**. Select your desired time range in the calendar dropdown or type in your desired dates and times. |
| 32 | +- **User email**: Optionally select one or more email addresses of the [organization's members]({% link cockroachcloud/managing-access.md %}#manage-an-organizations-users). |
| 33 | +- **Action name**: Optionally select one or more predefined auditable actions. |
| 34 | +- **Cluster name**: Optionally select one or more cluster names. |
| 35 | + |
| 36 | +## Audit log details |
| 37 | + Click on a log entry to open an **Action details** right sidebar displaying event information, including the full payload in the **Details** section. |
| 38 | + |
| 39 | +## URL Query Parameters |
| 40 | + |
| 41 | +The state of all selected filters is reflected in the URL query parameters for easy sharing, such as |
| 42 | + |
| 43 | +- `startingFrom` and `endingAt` for time range |
| 44 | +- `logId` for the **Action ID** of an expanded log entry in the sidebar |
| 45 | + |
| 46 | +For example: |
| 47 | + |
| 48 | +``` |
| 49 | +https://cockroachlabs.cloud/audit-logs?startingFrom=2025-03-04T19%3A51%3A36.590Z&endingAt=2025-03-07T19%3A51%3A36.000-05%3A00&logId=78d55b3c-424e-45fa-bbce-03f2ed738897 |
| 50 | +``` |
| 51 | + |
| 52 | +## Data Presentation |
| 53 | + |
| 54 | +If audit logs are found for the filter selections, a table will be displayed with the following columns: |
| 55 | + |
| 56 | +- **Time (UTC)** |
| 57 | +- **Users**: either member email or [service account name]({% link cockroachcloud/managing-access.md %}#manage-service-accounts) (Note that there is no filter for service account name) |
| 58 | +- **Action name** |
| 59 | +- **Cluster name** |
| 60 | +- **Source**: either `UI` or [`API`]({% link cockroachcloud/cloud-api.md %}) |
| 61 | + |
| 62 | +## See also |
| 63 | +- [Export CockroachDB Cloud Organization Audit Logs](cockroachcloud/cloud-org-audit-logs) |
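Review bot: The "See also" link on the last added line uses a bare relative path, `(cockroachcloud/cloud-org-audit-logs)`, while every other internal link in this file uses the `{% link cockroachcloud/... .md %}` form; switch it to that form so it resolves the same way as the others. In the example URL, `startingFrom` ends in `Z` but `endingAt` carries a `-05%3A00` offset, although the filter is labelled **Time Range (UTC)**; either use UTC for both values or state that offsets are accepted, since a shared link is likely to be used to pin down an incident window. Smaller points: the "Users" column note says there is no filter for service account name, so it would help to say how a reader should locate service account activity; the line under "Audit log details" starts with a stray space; and "URL Query Parameters" and "Data Presentation" are title-case while the other headings are sentence-case.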