Entries for changes made are missing from the audit logs in Bitbucket Data Center.
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Sometimes, you might not be able to find the audit logs for changes made in the Bitbucket Data Center.
Audit logs can be accessed from both the database (table: AO_C77861_AUDIT_ENTITY) and the `<Bitbucket_home>/log/audit` folder. The database can hold up to 10 million records to prevent performance issues. To manage this, audit logs are also stored as JSON files in the `<Bitbucket_home>/log/audit` directory. The amount of audit logs stored here depends on the settings configured under "Admin > Audit logs > 3 dots > Settings," where you can check the "Audit log file retention" options.
Environment
7.x,8.x
.
Diagnosis
Reproduce the Issue: For example, remove a user from project permissions and check if this action appears in the audit logs.
Verify Audit Log Capture: If the changes appear in the audit logs, the system is functioning as expected, and the issue may lie elsewhere.
Cause
- Check the coverage level set in your instance by navigating to "Admin > Audit logs > 3 dots > Settings,"
- The event you're looking for occurred before the audit logs were rotated.
- Direct changes made to the database.
Solution
Cause 1: Ensure that the coverage level set in audit log settings(Admin > Audit logs > 3 dots > Settings) of your instance include the audit event you are trying to track.
Cause 2: Examine the date of the last audit record in the AO_C77861_AUDIT_ENTITY table and the oldest audit log file present in the <Bitbucket_home>/log/audit folder. If the logs have been rotated and the event occurred before that date, you may not be able to find the event.
Cause 3: When the database is modified directly, those changes are not captured in Bitbucket audit logs For instance, directly modifying the `sta_project_permission` table to change project permissions would not be captured in the audit logs, as the changes did not occur through Bitbucket but were made directly on the database. in such cases the database may have recorded the update queries executed on the database table. We recommend checking with the database team to determine the same.