Use audit logs to track activity in your IoT Central application
This article describes how to use audit logs to track who made what changes at what time in your IoT Central applications. You can:
- Sort the audit log.
- Filter the audit log.
- Customize the audit log.
- Manage access to the audit log.
- Export the audit log records.
The audit log records information about who made a change, information about the modified entity, the action that made change, and when the change was made. The log tracks changes made through the UI, programatically with the REST API, and through the CLI.
The log records changes to the following IoT Central entities:
- API tokens
- Application template export
- File upload configuration
- Application customization
- Device enrollment groups
- Device templates
- Device lifecycle events
The log records changes made by the following types of user:
- IoT Central user - the log shows the user's email.
- API token - the log shows the token name.
- Azure Active Directory user - the log shows the user email or ID.
- Service principal - the log shows the service principal name.
The log stores data for 30 days, after which it's no longer available.
The following screenshot shows the audit log view with the location of the sorting and filtering controls highlighted:
Customize the log
Select Column options to customize the audit log view. You can add and remove columns, reorder the columns, and change the column widths:
Sort the log
You can sort the log into ascending or descending timestamp order. To sort, select Timestamp:
Filter the log
To focus on a specific time, filter the log by time range. Select Edit time range and specify the range you're interested in:
To focus on specific entries, filter by entity type or action. Select Filter and use the multi-select drop-downs to specify your filter conditions:
The built-in App Administrator role has access to the audit logs by default. The administrator can grant access to other roles. An administrator can assign either Full control or View audit log permissions to other roles. To learn more, see Manage users and roles in your IoT Central application.
Any user granted permission to view the audit log can see all log entries even if they don't have permission to view or modify the entities listed in the log. Therefore, any user who can view the log can view the identity of and changes made to any modified entity.
You can export the audit log records to various destinations for long-term storage, detailed analysis, or integration with other logs. For more information, see Export IoT data.
To send audit logs to Log Analytics in Azure Monitor, use IoT Central data export to send the audit logs to Event Hubs, and then use an Azure Function to add the audit log data to Log Analytics.
Now that you've learned how to manage users and roles in your IoT Central application, the suggested next step is to learn how to Manage IoT Central organizations.