The audit log is the report of all the activities done in your ToolJet account. It will capture and display events automatically by recording who performed an activity, what when, and where the activity was performed, along with other information such as IP address.
Retrieve the log of events that occurred within the specified date and time range using the range picker. By default, the system loads 24-hour logs for the initial view. The maximum duration that can be specified for the "from" and "to" dates is 30 days.
:::info
Pagination at the bottom allows navigation through the pages, with each page displaying a maximum of 7 logs.
| User | Filter all the User events like `USER_LOGIN`, `USER_SIGNUP`, `USER_INVITE`, AND `USER_INVITE_REDEEM`. |
| App | Filter all the App events like `APP_CREATE`, `APP_UPDATE`,`APP_DELETE`,`APP_IMPORT`,`APP_EXPORT`,`APP_CLONE`. |
| Data Query | Filters the events associated with Data Query like `DATA_QUERY_RUN`. |
| Group Permission | All the events associated with Group Permissions will be filtered. Group Permissions include `GROUP_CREATE`, `GROUP_UPDATE`, `GROUP_DELETE`. |
| App Group Permission | Within each group, you can set apps for read or edit privileges. These events get recorded as App Group Permissions. |
| SET_AS_SUPERADMIN | This event is recorded whenever a user is promoted to super admin. |
| GROUP_PERMISSION_CREATE | This event is recorded whenever a group is created. |
| GROUP_PERMISSION_UPDATE | This event is recorded whenever an app or user is added to or removed from a group, or the permissions for a group are updated. |
| GROUP_PERMISSION_DELETE | This event is recorded whenever a user group is deleted from an account. |
| GROUP_PERMISSION_DUPLICATE | This event is recorded whenever a group and permission is duplicated. |
| USER_ADD_TO_GROUP | This event is recorded whenever a user is added to a group. |
| USER_REMOVE_FROM_GROUP | This event is recorded whenever a user is removed from a group. |
| GRANULAR_PERMISSION_APP_CREATE | This event is recorded whenever an app level granular permission is created. |
| GRANULAR_PERMISSION_APP_UPDATE | This event is recorded whenever an app level granular permission is updated. |
| GRANULAR_PERMISSION_APP_DELETE | This event is recorded whenever an app level granular permission is deleted. |
| GRANULAR_PERMISSION_DATA_SOURCE_CREATE | This event is recorded whenever a data source level permission is created. |
| GRANULAR_PERMISSION_DATA_SOURCE_UPDATE | This event is recorded whenever a data source level permission is updated. |
| GRANULAR_PERMISSION_DATA_SOURCE_DELETE | This event is recorded whenever a data source level permission is deleted. |
| APP_CREATE | This event is recorded when a user creates a new app. |
| APP_UPDATE | This event is recorded whenever actions like renaming the app, making the app public, editing shareable link, or deploying the app are made. |
| APP_PROMOTE | This event is recorded whenever an application's environment is promoted. |
| APP_RELEASE | This event is recorded whenever an application is released. |
| APP_SHARE | This event is recorded whenever an application is shared. |
| APP_PUBLIC_UPDATE | This event is recorded whenever an application is made public. |
| APP_DELETE | This event is recorded whenever a user deletes an app from the dashboard. |
| APP_IMPORT | This event is recorded whenever a user imports an app. |
| APP_EXPORT | This event is recorded whenever an app is exported. |
| APP_CLONE | This event is recorded whenever a clone of the existing app is created. |
| APP_VERSION_CREATE | This event is recorded whenever a new version of an application is created. |
| APP_VERSION_UPDATE | This event is recorded whenever a version of an application is updated. |
| APP_VERSION_DELETE | This event is recorded whenever a version of an application is deleted. |
| action_type | This indicates the type of action that was logged in the event. Refer to [this](#select-actions) for more information on actions. |
| created_at | Shows the date and time when the event was logged. |
| id | Each logged event is assigned a unique event ID. |
| ip_address | Displays the IP address from which the event was logged. |
| metadata | The metadata includes two sub-properties: `tooljet_version` and `user_agent`. `tooljet_version` shows the version of ToolJet used for the event, while `user_agent` contains information about the device and browser used. |
| organization_id | Every organization in ToolJet has a unique ID associated with it, which is recorded when an event occurs. |
| resource_id | Different [resources](#select-resources) have their respective IDs associated with them. These IDs are assigned when the resources are created. |
| resource_name | Shows the name of the [resources](#select-resources) that were involved in the logged event. For example, if an app was created or deleted, it will display the name of that app. |
| resource_type | Indicates the type of the [resources](#select-resources) involved in the logged event. |
| user_id | Each user account in ToolJet has a unique ID associated with it, which is recorded when an event occurs. |
### Log File
The file will contain all the data from audit logs. The log file can be created by specifying the path in the [environment variables](/docs/setup/env-vars). The log file is rotated on a daily basis and is updated dynamically every time a new audit log is generated.
Learn more about **setting up the log file generation** [here](/docs/how-to/setup-rsyslog).
### Log Rotation
The log file is configured to rotate on a daily basis. This means that a new log file will be created every day, ensuring efficient management and organization of audit data.
### Log Redaction
ToolJet implements log redaction to protect sensitive information. By default, the following headers are masked in the logs:
- authorization
- cookie
- set-cookie
- x-api-key
- proxy-authorization
- www-authenticate
- authentication-info
- x-forwarded-for
Additionally, you can specify custom fields to be masked using the `LOGGER_REDACT` environment variable.
| LOGGER_REDACT | Comma-separated list of additional fields to be masked in logs (e.g., req.headers["x-session-id"],req.headers["x-device-fingerprint"]) |
The path for the log file is defined using the `LOG_FILE_PATH` variable in the environment. It's important to understand that this path is relative to the home directory of the machine. For instance, if `LOG_FILE_PATH` is set to `hsbc/dashboard/log`, the resulting log file path will be structured as follows:
Here, `{process_id}` is a placeholder for the unique process identifier, and `{date}` represents the current date. This structured path ensures that audit logs are organized by both process and date, facilitating easy traceability and analysis.
