You are viewing documentation for the development version, it may be incomplete.
Join our translation project and help translate Zabbix documentation into your native language.

5 Audit log

Overview

In the ReportsAudit log section, the records of user and system activity can be viewed.

For audit records to be collected and displayed, the Enable audit logging checkbox has to be marked in the AdministrationAudit log section. Without this setting enabled, the history of activities will not be recorded in the database and will not be shown in the audit log.

Audit log displays the following data:

Column Description
Time Timestamp of the audit record.
User User who performed the activity.
IP IP from which the activity was initiated.
Clicking on the hyperlink will result in filtering audit log records by this IP.
Resource Type of the affected resource (All, API token, Action, Authentication, Autoregistration, etc.).
ID ID of the affected resource.
Clicking on the hyperlink will result in filtering audit log records by this resource ID.
Action Type of the activity (Add, Configuration refresh, Delete, Execute, Failed login, History clear, Login, Logout, Push, Update).
Recordset ID Shared ID for all audit log records created as a result of the same operation.
For example, when linking a template to a host, a separate audit log record is created for each inherited template entity (item, trigger, etc.) - all these records will have the same Recordset ID.
Clicking on the hyperlink will result in filtering audit log records by this Recordset ID.
Details Description of the resource and detailed information about the performed activity.
If a record contains more than two rows, an additional Details link will be displayed. Click on this link to view the full list of changes.

When a trapper item or an HTTP agent item (with trapping enabled) has received some data, an entry in the audit log will be added only if the data was sent using the history.push API method, and not the Zabbix sender utility.

Using filter

The filter is located below the Audit log bar. It can be opened and collapsed by clicking the Filter tab in the upper right corner.

You may use the filter to narrow the records by user, affected resource, resource ID, performed operation (Recordset ID), and IP. Depending on the resource, one or more specific actions can be selected in the filter.

For better search performance, all data is searched with macros unresolved.

Time period selector

The Time period selector allows to select often required periods with one mouse click. The Time period selector can be expanded and collapsed by clicking the Time period tab in the upper right corner.