Cloud
Data Center 9.4
Versions

Audit log events

View and configure the audit log

On this page

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

The auditing component of Bitbucket Data Center will log many different events that occur when being used. Events have been assigned a coverage level to reflect the number and frequency of events that are logged – these levels can be used to control how much information is added to the audit log file. For example, if you have an instance under high load and no need for auditing in certain coverage areas, you may wish to turn audit logging off by selecting Off in the Audit log settings page. Learn more about these settings in View and configure the audit log.

Coverage levels available with a Data Center license:

  • Off: Turns off logging events from this coverage area.
  • Base: Logs low-frequency and some of the high-frequency core events from selected coverage areas.
  • Advanced: Logs the core events as well as the low and medium frequency events from the coverage areas.
  • Full: Logs all the events available in Base and Advanced, plus additional events for a comprehensive audit.

The events generated by external apps that call Jira REST API that fall into the Apps coverage area are not listed here because they are app-dependent.

The following tables provide lists of new and legacy event summaries for all coverage levels and categories. 

On this page:

Global configuration and administration coverage area

Global administration category 

Base

Base URL changed (BaseUrlChangedEvent)
Database migration cancelled (MigrationCanceledEvent)
Database migration failed (MigrationFailedEvent)
Database migration started (MigrationStartedEvent)
Database migration succeeded (MigrationSucceededEvent)
Elasticsearch full sync started (ElasticsearchFullSynchronisationAuditEvent)
Elasticsearch settings changed (ElasticsearchConfigurationChangeAuditEvent)
Global secret scanning deleted (SecretScanningRuleDeletedEvent)
Global secret scanning rule created (SecretScanningRuleCreatedEvent)
Global secret scanning rule updated (SecretScanningRuleUpdatedEvent)
HTTP access to SCM hosting changed (HttpScmHostingChangedEvent)
Instance setup completed (ApplicationSetupEvent)
Jira site config created (JiraSiteConfigCreatedEvent)
Jira site config deleted (JiraSiteConfigDeletedEvent)
Jira site config updated (JiraSiteConfigUpdatedEvent)
Mail server changed (MailHostConfigurationChangedEvent)
Mesh migration finished
Mesh migration started
Mesh node registered (MeshNodeRegisteredEvent)
Mesh node unregistered (MeshNodeUnregisteredEvent)
Mirror disabled (MirrorDisabledEvent)
Mirror enabled (MirrorEnabledEvent)
Mirror installed (MirrorInstalledEvent)
Mirror uninstalled (MirrorUninstalledEvent)
Mirroring request accepted (MirroringRequestAcceptedEvent)
Mirroring request received (MirroringRequestCreatedEvent)
Mirroring request rejected (MirroringRequestRejectedEvent)
Product license changed (LicenseChangedEvent)
Resource throttled (TicketRejectedEvent)
Server email address changed (ServerEmailAddressChangedEvent)
Server name changed (DisplayNameChangedEvent)
Server time zone changed (ServerTimeZoneChangedEvent)
SSH key global expiry changed (SshKeysGlobalExpiryChangedEvent)
SSH key min length changed (SshKeyMinLengthChangedEvent)
System backup cancelled (BackupCanceledEvent)
System backup failed (BackupFailedEvent)
System backup started (BackupStartedEvent)
System backup succeeded (BackupSucceededEvent)
System signing configuration changed (SystemSigningConfigurationChangedEvent)
X.509 certificate created (X509CertificateCreatedEvent)
X.509 certificate deleted (X509CertificateEvent)

Advanced

Announcement banner created (AnnouncementBannerCreatedEvent)
Announcement banner deleted AnnouncementBannerDeletedEvent)
Announcement banner updated (AnnouncementBannerUpdatedEvent)
Application link created (ApplicationLinkAddedEvent)
Application link deleted (ApplicationLinkDeletedEvent)
Application link edited (ApplicationLinkUpdatedEvent)
Default rate limiting settings changed (DefaultRateLimitSettingsModifiedEvent)
LFS disabled (GitLfsFeatureDisabledEvent)
LFS enabled (GitLfsFeatureEnabledEvent)
Logging settings disabled (LoggingSettingsDisabledEvent)
Logging settings enabled (LoggingSettingsEnabledEvent)
Profiling settings disabled (ProfilingSettingsDisabledEvent)
Profiling settings enabled (ProfilingSettingsEnabledEvent)
Rate limiting disabled (RateLimitingDisabledEvent)
Rate limiting enabled (RateLimitingEnabledEvent)
SSH settings changed (SshConfigurationChangedEvent)
User rate limiting settings changed (UserRateLimitSettingsModifiedEvent)
User rate limiting settings created (UserRateLimitSettingsCreatedEvent)
User rate limiting settings deleted (UserRateLimitSettingsDeletedEvent)

FullNo additional events available

Apps category

BasePlugin disabled (PluginDisabledEvent)
Plugin enabled (PluginEnabledEvent)
Plugin uninstalled (PluginUninstalledEvent)
Plugin upgraded (PluginUpgradedEvent)
Advanced

No additional events available

FullPlugin container unavailable (PluginContainerUnavailableEvent)
Plugin framework started (PluginFrameworkStartedEvent)
Plugin module available (PluginModuleAvailableEvent)
Plugin module disabled (PluginModuleDisabledEvent)
Plugin module enabled (PluginModuleEnabledEvent)
Plugin module unavailable (PluginModuleUnavailableEvent)

Data pipeline category

Coverage levelEvents logged
BaseNo events available
Advanced

Full data export cancelled
Full data export triggered
Full data export failed
Unauthorized full data export triggered
Custom export path set
Custom export path removed

Full
No events available

User management coverage area

Users and groups category

BaseGPG key added (GpgKeyCreatedEvent)
GPG key deleted (GpgKeyDeletedEvent)
Group added to user group (GroupMembershipsCreatedEvent)
Personal access token changed (AccessTokenModifiedEvent)
Personal access token created (AccessTokenCreatedEvent)
Personal access token deleted (AccessTokenDeletedEvent)
SSH access key created for personal key (SshKeyCreatedEvent)
SSH access key deleted for personal key (SshKeyDeletedEvent)
User added to user group ((GroupMembershipsCreatedEvent)
User automatically created (AutoUserCreatedEvent)
User automatically deleted from user group (AutoGroupMembershipDeletedEvent)
User created (UserCreatedEvent)
User created from directory sync (UserCreatedFromDirectorySynchronisationEvent)
User deleted (UserDeletedEvent)
User deleted from user group (GroupMembershipDeletedEvent)
User directory created (DirectoryCreatedEvent)
User directory deleted (DirectoryDeletedEvent)
User erased (UserErasedEvent)
User group automatically created (AutoGroupCreatedEvent)
User group created (GroupCreatedEvent)
User group deleted (GroupDeletedEvent)
User group updated (GroupUpdatedEvent)
User password changed UserCredentialUpdatedEvent)
Username changed (UserRenamedEvent)
Advanced

User details export failed (UserExportFailedEvent, extraAttribute withPermissions=false)
User details export started (UserExportStartedEvent, extraAttribute withPermissions = false)
User details exported (UserExportSucceededEvent, extraAttribute withPermissions=false)
User permissions export failed (UserExportFailedEvent, extraAttribute withPermissions=true)
User permissions export started (UserExportStartedEvent, extraAttribute withPermissions = true)
User permissions exported (UserExportSucceededEvent, extraAttribute withPermissions=true)

Full

No additional events available

Permission coverage area

Permissions category

Base

Global permission change request (GlobalPermissionModificationRequestedEvent)
Global permission changed (GlobalPermissionModifiedEvent)
Global permission granted (GlobalPermissionGrantedEvent)
Global permission remove request (GlobalPermissionRevocationRequestedEvent)
Global permission removed
Global permission requested (GlobalPermissionGrantRequestedEvent)
Project permission change request ( ProjectPermissionModificationRequestedEvent)
Project permission changed ( ProjectPermissionModifiedEvent)
Project permission granted ( ProjectPermissionGrantedEvent)
Project permission remove request ( ProjectPermissionRevocationRequestedEvent)
Project permission removed ( ProjectPermissionRevokedEvent)
Project permission requested  ( ProjectPermissionGrantRequestedEvent)
Repository archive policy changed ( RepositoryArchivePolicyChangedEvent)
Repository cascading merge configuration changed (RepositoryCascadingMergeConfigUpdatedEvent)
Repository delete policy changed ( RepositoryDeletePolicyChangedEvent)
Repository permission change request ( RepositoryPermissionModificationRequestedEvent)
Repository permission changed ( RepositoryPermissionModifiedEvent)
Repository permission granted ( RepositoryPermissionGrantedEvent)
Repository permission remove request ( RepositoryPermissionRevocationRequestedEvent)
Repository permission removed (RepositoryPermissionRevokedEvent)
Repository permission requested ( RepositoryPermissionGrantRequestedEvent)

Advanced

No additional events available

Full

No additional events available

Local configuration and administration coverage area

Personal category

BaseSSH key edited for personal key (SShKeyEditedEvent)

Projects category

Base

All project default tasks deleted (DefaultTaskBulkDeletedEvent)
Hook changed (HookScriptUpdatedEvent)
Hook configuration removed (HookScriptConfigurationRemovedEvent)
Hook configuration set (HookScriptConfigurationSetEvent)
Hook created (HookScriptCreatedEvent)
Hook deleted (HookScriptDeletedEvent)
Hook deleted by app (HookScriptsDeletedByPluginKeyEvent)
Project auto-decline settings changed (ProjectAutoDeclineSettingsUpdatedEvent)
Project auto-decline settings created (ProjectAutoDeclineSettingsCreatedEvent)
Project auto-decline settings deleted (ProjectAutoDeclineSettingsDeletedEvent)
Project cascadingmerge configuration changed (RepositoryCascadingMergeConfigUpdatedEvent)
Project avatar changed (ProjectAvatarUpdatedEvent)
Project auto-merge settings changed (AutoMergeSettingsUpdatedEvent)
Project auto-merge settings created (AutoMergeSettingsCreatedEvent)
Project auto-merge settings deleted (AutoMergeSettingsDeletedEvent)
Project branch model created (ProjectBranchModelConfigurationCreatedEvent)
Project branch model deleted (ProjectBranchModelConfigurationDeletedEvent)
Project branch model updated (ProjectBranchModelConfigurationUpdatedEvent)
Project branch permission added (ProjectRefRestrictionAddedEvent)
Project branch permission deleted (ProjectRefRestrictionDeletedEvent)
Project branch permission updated (ProjectRefRestrictionUpdatedEvent)
Project code insight condition added (ProjectInsightReportConditionAddedEvent)
Project code insight condition changed (ProjectInsightReportConditionUpdatedEvent)
Project code insight condition deleted (ProjectInsightReportConditionDeletedEvent)
Project created (ProjectCreatedEvent)
Project creation requested (ProjectCreationRequestedEvent)
Project default reviewers added (ProjectPullRequestConditionCreatedEvent)
Project default reviewers deleted (ProjectPullRequestConditionDeletedEvent)
Project default reviewers updated (ProjectPullRequestConditionUpdatedEvent)
Project default tasks added (DefaultTaskAddedEvent)
Project default tasks deleted (DefaultTaskDeletedEvent)
Project default tasks updated (DefaultTaskModifiedEvent)
Project deleted (ProjectDeletedEvent)
Project deletion requested (ProjectDeletionRequestedEvent)
Project imported (ProjectImportedEvent)
Project Jira issues configuration created (IssueValidationConfigurationCreatedEvent)
Project Jira issues configuration deleted (IssueValidationConfigurationDeletedEvent)
Project Jira issues configuration updated (IssueValidationConfigurationUpdatedEvent)
Project secret scanning allowlist rule added (SecretScanningAllowlistRuleCreatedEvent)
Project secret scanning allowlist rule deleted (SecretScanningAllowlistRuleDeletedEvent)
Project secret scanning allowlist rule updated (SecretScanningAllowlistRuleUpdatedEvent)
Project secret scanning rule created (SecretScanningRuleCreatedEvent)
Project secret scanning rule deleted (SecretScanningRuleDeletedEvent)
Project secret scanning rule updated (SecretScanningRuleUpdatedEvent)
Project settings change requested (ProjectModificationRequestedEvent)
Project settings changed (ProjectModifiedEvent)
Project settings restriction created (ProjectSettingsRestrictionCreatedEvent)
Project settings restriction deleted (ProjectSettingsRestrictionDeletedEvent)
Project webhook created (InternalProjectWebhookCreatedEvent)
Project webhook deleted (InternalProjectWebhookDeletedEvent)
Project webhook changed (InternalProjectWebhookModifiedEvent)
Secret scanning exempt repository added (SecretScanningExemptRepoAddedEvent)
Secret scanning exempt repository removed (SecretScanningExemptRepoDeletedEvent)
SSH access key added to project (SshAccessKeyGrantedEvent)
SSH access key deleted from project (SshAccessKeyRevokedEvent)
SSH access key edited for project (SshAccessKeyEditedEvent)

Advanced

Project pull request merge config deleted (ProjectPullRequestMergeConfigDeletedEvent)
Project pull request merge config updated (ProjectPullRequestMergeConfigUpdatedEvent)
Pull request description template created (PullRequestTemplateCreatedEvent)
Pull request description template deleted (PullRequestTemplateDeletedEvent)
Pull request description template updated (PullRequestTemplateUpdatedEvent)
Pull request reviewer group created (ReviewerGroupCreatedEvent)
Pull request reviewer group deleted (ReviewerGroupDeletedEvent)
Pull request reviewer group updated (ReviewerGroupUpdatedEvent)

Full

No additional events available

Repositories category

Base

Repository auto-merge settings changed (AutoMergeSettingsUpdatedEvent)
Repository auto-merge settings created (AutoMergeSettingsCreatedEvent)
Repository auto-merge settings deleted (AutoMergeSettingsDeletedEvent)
Repository created (RepositoryCreatedEvent)
Repository failed to create (RepositoryCreationFailedEvent)
Default branch changed (RepositoryDefaultBranchModifiedEvent)
Repository deleted (RepositoryDeletedEvent)
Repository deletion requested (RepositoryDeletionRequestedEvent)
Repository forked (RepositoryForkedEvent)
Repository fork failed (RepositoryForkFailedEvent)
Repository hook deleted (RepositoryHookDeletedEvent)
Repository hook disabled (RepositoryHookDisabledEvent)
Repository hook enabled (RepositoryHookEnabledEvent)
Repository hook settings changed (RepositoryHookSettingsChangedEvent)
Repository imported (RepositoryImportedEvent)
Repository change requested (RepositoryModificationRequestedEvent)
Repository settings changed (RepositoryModifiedEvent)
Elasticsearch repository sync completed (ElasticsearchRepositorySynchronisationAuditEvent)
Repository branch model created (RepositoryBranchModelConfigurationCreatedEvent)
Repository branch model deleted (RepositoryBranchModelConfigurationDeletedEvent)
Repository branch model updated (RepositoryBranchModelConfigurationUpdatedEvent)
Repository branch permission added (RepositoryRefRestrictionAddedEvent)
Repository branch permission deleted (RepositoryRefRestrictionDeletedEvent)
Repository branch permission updated (RepositoryRefRestrictionUpdatedEvent)
Repository code insight condition added (RepositoryInsightReportConditionAddedEvent)
Repository code insight condition deleted (RepositoryInsightReportConditionDeletedEvent)
Repository code insight condition changed (RepositoryInsightReportConditionUpdatedEvent)
Repository default reviewers added (RepositoryPullRequestConditionCreatedEvent)
Repository default reviewers deleted (RepositoryPullRequestConditionDeletedEvent)
Repository default reviewers updated (RepositoryPullRequestConditionUpdatedEvent)
Repository auto-decline settings created (RepositoryAutoDeclineSettingsCreatedEvent)
Repository auto-decline settings deleted (RepositoryAutoDeclineSettingsDeletedEvent)
Repository auto-decline settings changed (RepositoryAutoDeclineSettingsUpdatedEvent)
Repository required build merge check created (RequiredBuildConditionCreatedEvent)
Repository required build merge check deleted (RequiredBuildConditionDeletedEvent)
Repository required build merge check updated (RequiredBuildConditionUpdatedEvent)
Branch deletion on merge enabled
Branch deletion on merge disabled
Branch deletion on merge inherited from project
Repository Jira issues configuration created (IssueValidationConfigurationCreatedEvent)
Repository Jira issues configuration deleted (IssueValidationConfigurationDeletedEvent)
Repository Jira issues configuration updated (IssueValidationConfigurationUpdatedEvent)
Repository default tasks added (DefaultTaskAddedEvent)
Repository default tasks deleted (DefaultTaskDeletedEvent)
Repository default tasks updated (DefaultTaskModifiedEvent)
All repository default tasks deleted (DefaultTaskBulkDeletedEvent)
Repository webhook created (InternalRepositoryWebhookCreatedEvent)
Repository webhook deleted (InternalRepositoryWebhookDeletedEvent)
Repository webhook changed (InternalRepositoryWebhookModifiedEvent)
Repository secret scanning rule created (SecretScanningRuleCreatedEvent)
Repository secret scanning rule deleted (SecretScanningRuleDeletedEvent)
Repository secret scanning rule updated (SecretScanningRuleUpdatedEvent)
Repository secret scanning allowlist rule added (SecretScanningAllowlistRuleCreatedEvent)
Repository secret scanning allowlist rule deleted (SecretScanningAllowlistRuleDeletedEvent)
Repository secret scanning allowlist rule updated (SecretScanningAllowlistRuleUpdatedEvent)
SSH access key added to repo (SshAccessKeyGrantedEvent)
SSH access key deleted from repo (SshAccessKeyRevokedEvent)
SSH access key edited for repo(SshAccessKeyEditedEvent)

Advanced

Pull request reviewer group created (ReviewerGroupCreatedEvent)
Pull request reviewer group deleted (ReviewerGroupDeletedEvent)
Pull request reviewer group updated (ReviewerGroupUpdatedEvent)
Repository LFS disabled (GitLfsDisabledEvent)
Repository LFS enabled (GitLfsEnabledEvent)
Repository pull request merge config deleted (RepositoryPullRequestMergeConfigDeletedEvent)
Repository pull request merge config updated (RepositoryPullRequestMergeConfigUpdatedEvent)
Repository transcode diff setting disabled (GitTranscodeDiffDisabledEvent)
Repository transcode diff setting enabled (GitTranscodeDiffEnabledEvent)

Full

No additional events available

System category

BaseNo additional events available
Advanced

SCM pull request merge config deleted (ScmPullRequestMergeConfigDeletedEvent)
SCM pull request merge config updated (ScmPullRequestMergeConfigUpdatedEvent)

Full

No additional events available

Security coverage area

Auditing category

Base

Audit log configuration updated
Audit log exported
Audit log search performed

Advanced

No events available

Full

No events available

Authentication category

Base

Websudo authentication failed

Advanced

User logged out (LogoutSuccessEvent)
User login failed (AuthenticationFailureEvent)
User login failed (SSH) (SshAuthenticationFailureEvent)

Full User logged in (AuthenticationSuccessEvent)
User logged in (SSH) (SshAuthenticationSuccessEvent)

Security category

Base

Secret detected (SecretDetectedEvent)
Secret scanning commit limit reached (SecretScanningCommitLimitReachedEvent)
Secret scanning incomplete (SecretScanningIncompleteEvent)

Advanced

Unauthorized access to a resource (AuthorizationFailureEvent)

FullNo events available

Two-step verification configuration category

Base

User enabled two-step verification

User disabled two-step verification

User reset two-step verification authentication app

User regenerated two-step verification recovery key

System admin disabled two-step verification for user

Advanced

No events available

FullNo events available

Identity verification category

Base

Admin logged in without two-step verification

Failed login attempt with two-step verification

Successful login attempt with two-step verification

Failed session elevation

Successful session elevation

User rate-limited from failed two-step verification attempts

Advanced

No events available

FullNo events available

End user activity coverage area

Repositories category

Base Repository accessed by user (RepositoryAccessedEvent)
Run build (AnalyticsActionRunEvent)
Advanced

Branch created (BranchCreatedEvent)
Branch deleted (BranchDeletedEvent)
Diff succeeded (DiffSuccessfulEvent)
Git archive created (ContentArchiveSuccessfulEvent)
Git archive failed (ContentArchiveFailedEvent)
Repository notification settings updated (RepositoryNotificationSettingsUpdatedEvent)
Repository watcher added (RepositoryWatcherAddedEvent)
Repository watcher removed (RepositoryWatcherRemovedEvent)

FullChanges pushed to repository (RepositoryPushEvent)
Changes read from repository (RepositoryOtherReadEvent)
Git hook activity (RepositoryHookEvent)
Repository cloned (RepositoryCloneEvent)
Repository pulled (RepositoryPullEvent)
Repository written to (RepositoryOtherWriteEvent)

Pull requests category

Base

Cascading merge failed (CascadingMergeStoppedEvent)
Cascading merge succeeded (CascadingMergeSucceededEvent)
Pull request approved by participant (PullRequestParticipantApprovedEvent)
Pull request auto-merge requested (PullRequestAutoMergeRequestedEvent)
Pull request auto-merge canceled (PullRequestAutoMergeCancelledEvent)
Pull request declined (PullRequestDeclinedEvent)
Pull request deleted (PullRequestDeletedEvent)
Pull request draft changed (PullRequestUpdatedEvent)
Pull request merged (PullRequestMergedEvent)
Pull request open request (PullRequestOpenRequestedEvent)
Pull request opened (PullRequestOpenedEvent)
Pull request participants changed (PullRequestParticipantsUpdatedEvent)
Pull request reopened (PullRequestReopenedEvent)
Pull request reviewed by participant (PullRequestParticipantReviewedEvent)
Pull request reviewers changed (PullRequestReviewersUpdatedEvent)
Pull request unapproved by participant (PullRequestParticipantUnapprovedEvent)

Advanced

Pull request filters used (PullRequestFilterEvent)
Pull request rebased (PullRequestRebasedEvent)
Pull request watcher added (PullRequestWatcherAddedEvent)
Pull request watcher removed (PullRequestWatcherRemovedEvent)

Full

Pull request comment changed (PullRequestCommentEditedEvent)
Pull request comment created (PullRequestCommentAddedEvent)
Pull request comment deleted (PullrequestCommentDeletedEvent)
Pull request comment reply added (PullRequestCommentRepliedEvent)
Pull request task changed (PullRequestTaskEditedEvent)
Pull request task created (PullRequestTaskAddedEvent)
Pull request task deleted (PullRequestTaskDeletedEvent)

Search category

Base

No events available

Advanced

No events available

Full

Code search succeeded (CodeSearchSuccessfulEvent)
Repository search succeeded (RepositoriesSearchSucessfulEvent)

Apps category

This category is for auditing events generated by third-party apps.

Bitbucket Data Center customers can set the configuration property  audit.legacy.events.logging.forced=true to move the following events from Full to Base level:

  • Plugin container unavailable, Plugin module disabled, Plugin module enabled, Plugin module available, Plugin framework started
  • User log in failed, User logged in, User logged in (SSH)
  • Repository read event, Repository write event, Repository pull event, Repository push event, Git hook activity, Repository cloned

Note that adding these events to Base can significantly increase the size of the audit log.

Last modified on Dec 18, 2024

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.