# Audit Options The **Audit** tab in Data One tracks specific events, noting when they occurred, which user performed the action, and the affected entity. Audit logs are crucial for ensuring user accountability and maintaining system security. ### Audit Tab Overview The **Audit** tab allows administrators to monitor various types of activities, including: * Platform configuration changes. * Actions related to Actors, Users, Contracts, Client Connections, File Event Listeners, etc. * Internal user authentication activities. #### Tracked Actions Some examples of the actions that are tracked and logged include: * Creating, renaming, updating, and deleting entities in Data One * Login and logout activities in Data One * Password changes in Data One * Creating, renaming, updating, and deleting a folder in the HTTP, HTTP and SFTP protocols * Downloading, uploading, renaming and deleting files in the HTTP, HTTP and SFTP protocols * Audit configuration changes For instance, when a user creates a contract, the audit log will record a detailed entry showing the essential parameters, such as the user’s name and the contract ID, ensuring that every action on the platform is thoroughly tracked. ### Managing Audit configuration Administrators can manage the audit configuration by following these steps: 1. Go to **Monitoring** → **Logs** → **Audit** tab. 2. Click on the **Manage** button to open the **Manage** window, allowing you to: 1. **Log configurations changes**: enable or disable auditing. 2. Set **Retention period (in days) \***: define how many days audit data should remain on the platform. By default, 7 days are set. 3. **Archive** audit logs: enable this option to save the audit logs to a file with a **unique name** in the **CEMAN shared folder** after the retention period expires.\ When the **Archive** toggle is enabled, logs are first saved and then deleted from the database.\ If, for any reason, the logs cannot be archived, an error is recorded in the **CEMAN message.log**, and the logs are **not** deleted from the database. When the **Archive** toggle is disabled, logs are not saved. After the retention period expires, they are deleted from the database and are no longer available on the platform. #### Archive file creation and naming When **archiving is enabled** and the **retention period expires**, audit logs are exported and archived according to the following rules: * **One compressed archive file is created for each day** of audit records. * The file format depends on the operating system: * Unix OS: `.csv.gz` * Windows OS: `.zip` Archived files follow this naming format: `AUDIT-ARCHIVE--.(csv.gz | zip)` Where: * `AUDIT-ARCHIVE` is a fixed prefix. * `export end date/time` is the timestamp up to which audit records are exported, in the format `YYYYMMDDHHMISS`. * `file creation date/time` is the timestamp indicating when the archive file is generated, in the format `YYYYMMDDHHMISS`. Example: ``` AUDIT-ARCHIVE-20260401235959-20260403001001.csv.gz ``` In this example: * Audit records are exported on **April 1, 2026 at 23:59:59**. * The archive file is created on **April 3, 2026 at 00:10:01**. ### Permissions Access to audit logs is controlled by specific permissions, listed in the Permissions tab - see the [Creating Internal Users](/data-mover-1.21/security/users-and-groups/create-internal-users.md) page. * **AUDITLOGSVIEW**: it grants the user the ability to view audit logs. Users with this permission can access the audit tab and table. * **AUDITLOGSMANAGE**: it grants the user the ability to modify audit configurations. ### Audit Log Columns #### Default Columns The following columns are always available and cannot be removed from the Audit table: * **Timestamp**: the exact time the event occurred. * **Message Code**: a code assigned to the message shown in the **Message** column. It is useful when searching for specific messages. Refer to the [Audit Message Codes](/data-mover-1.21/logs-and-audit/audit-options/audit-message-codes.md) page for the complete list of codes. * **Message**: the description of the audit event. Details are available on the [Audit Message Codes](/data-mover-1.21/logs-and-audit/audit-options/audit-message-codes.md) page. * **Data One User**: the name of the user who performed the action. * **Audited Operation**: the type of operation that occurred (e.g., create, modify, delete, password change, login, logout, audit enablement/disablement). * **Entity**: the name of the element instance that is generally defined by the user (e.g. CONTRACT FILE PUSH). * For **LOGIN** and **LOGOUT** actions, the entity is the name of the Ceman cluster. * For **PASSWORD CHANGE** actions, the entity is the username of the user whose password was changed. * Entities modified via APIs will also appear in audit entries. Columns can be sorted in ascending or descending order. #### Optional Columns Administrators can enable additional columns by selecting them by clicking the ![](https://files.readme.io/b5409136eada091cded690dcc69e61c32805663afd0b4f3f58657547b0180760-image.png) icon on the toolbar: * **Module**: the module involved in the operation. * **LCID (Log Correlation ID)**: the unique identifier for a session that may span multiple instances. * **DFIID (Dataflow Instance ID)**: the unique identifier of all Data One integration flows. * **Cluster**: the cluster involved. * **Node**: the node involved. * **Entity Type**: the type of entity affected (refer to the [List of Entity Types](/data-mover-1.21/logs-and-audit/audit-options/list-of-audit-entity-types.md) page for a complete list). * For **LOGIN** and **LOGOUT** actions, the entity type is Ceman. * For **PASSWORD CHANGE** actions, the entity type is Internal User or External User. * **Entity ID**: the ID assigned to the instance of the element created by a user (e.g. 102) in Data One. * For **LOGIN** and **LOGOUT** actions, the entity ID is the name of the Ceman Node. * For **PASSWORD CHANGE** actions, the entity ID is the user ID. Columns can be sorted in ascending or descending order. ### Filters Panel The **Filters panel** on the right side of the screen allows you to filter audit logs based on specific criteria and quickly find specific events. Available filters include: * **Time Slot**: filter by the time the event occurred (options: last hour (default), last 4/8/12 hours, or a CUSTOM slot). * **Message Code**: filter by the message code number. * **Message**: filter by keywords in the audit message. * **Select User**: filter by the user who performed the action. Type at least 3 characters and all users matching the entered characters will be listed. Note that the field is **case-insensitive**. * **Audited Operation**: filter by the type of operation (e.g., create, modify, delete). * **Entity**: filter by the entity type (e.g., contract, user). * **Advanced**: filter by additional fields associated with non-default columns, such as Module, LCID, Cluster, Node, Entity Type, and Entity ID. ### Export Audit logs can be exported to external files for further analysis. Users can export audit logs via the Command Line Interface (CLI) that is documented in the [Export audit logs](/data-mover-1.21/logs-and-audit/audit-options/export-audit-logs.md) page. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.primeur.com/data-mover-1.21/logs-and-audit/audit-options.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.