Auditing in Jira applications

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

About auditing in Jira applications

The auditing feature tracks key activities in Jira applications. These activities are recorded in an audit log that can be viewed in the Jira administration console. This can be a handy tool in helping you diagnose problems in Jira applications or used for security purposes.

The following information is audited by Jira applications:

  • LDAP synchronization
  • user management
  • group management
  • project changes
  • permission changes
  • workflow changes
  • notification scheme changes
  • screen changes
  • custom field changes

The audit log is not intended to record all activity in Jira applications, as can be seen above. For example, it does not track issue updates or pages that are viewed by a user. Rather, the audit log is intended to record configuration changes that can impact users and projects. The full list of events recorded by Jira applications can be seen below.

Viewing the audit log

  1. Log in as a user with the Administer Jira   global permission .
  2. Choose the Jira icon (, or ) > Jira settings > System > Audit Log
  3. The following events are audited:

    Category Events
    Auditing Auditing enabled, auditing disabled
    LDAP synchronization LDAP synchronization
    User management User added, user removed, user changed
    Group management Group added, group removed, user added to group, user removed from group
    Project changes Project created, project removed, project updated
    Permission changes scheme created, scheme copied, scheme removed, scheme edited, scheme assigned to a project, scheme unassigned from a project, permission added to scheme, permission removed from scheme, global permission added to a group, global permission removed from a group
    Workflow  changes Scheme created, scheme copied, scheme removed, scheme edited, scheme assigned to a project, scheme unassigned from a project, workflow created, workflow copied, workflow removed, workflow renamed, workflow draft published
    Notification changes Scheme created, scheme copied, scheme removed, scheme edited, scheme added to project, scheme removed from project, notification added to scheme, notification removed from scheme.
    Screen changes No events recorded.
    Custom field changes Custom field created, custom field updated, custom field removed, scheme added to project, scheme removed from project
  • You can't sort the audit log. You can export the data to .csv and open it in a spreadsheet application to manipulate the data.
  • There's a known issue which prevents the Author field from displaying the username for changes that were made in the user management pages in Jira cloud applications (including changes to users, groups, and application access). For example, events such as users being created or users being assigned to groups will not include the username of the user who made that change.

Hiding external directory user events (LDAP/Crowd events)

By default, the audit log will display all recorded events. However, you can choose to hide external directory user events (those triggered by LDAP or Crowd) from view. These events are still recorded, and will still be available for export.

  1. Log in as a user with the Administer Jira   global permission .
  2. Choose the Jira icon (, or ) > Jira settings > System > Audit Log
  3. Select Actions > Audit Log Settings.
  4. Check the  Hide events from external user directories checkbox to hide the user events.

Modifying the audit log retention period

Auditing is always enabled in Jira applications. However, you can configure how long audit events are retained.

  1. Log in as a user with the Administer Jira   global permission .
  2. Choose the Jira icon (, or ) > Jira settings > System > Audit Log
  3. Select Actions > Audit Log Settings.
  4. Choose your retention period.

Exporting the audit log

You can export the audit log as a text file. When you export the audit log, all the events are included in the export, even if you currently have filtered the audit log results in the page.

  1. Log in as a user with the Administer Jira   global permission .
  2. Choose the Jira icon (, or ) > Jira settings > System > Audit Log
  3. Select Export.

Auditing and the REST API

The audit log can also be accessed via the REST API. You may use this to:

  • Export the audit log
  • Add events to the audit log triggered by external plugins

For more information on using the REST API, please refer to the Jira REST documentation for your appropriate version of Jira within the developer documentation here .

Last modified on Feb 28, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.