Auditing in JIRA applications

About auditing in JIRA applications

The auditing feature tracks key activities in JIRA applications. These activities are recorded in an audit log that can be viewed in the JIRA administration console. This can be a handy tool in helping you diagnose problems in JIRA applications or used for security purposes.

The following information is audited by JIRA applications:

  • LDAP synchronization
  • user management
  • group management
  • project changes
  • board changes
  • sprint changes
  • permission changes
  • workflow changes
  • notification scheme changes
  • screen changes
  • custom field changes
  • workflow changes

On this page:

The audit log is not intended to record all activity in JIRA applications, as can be seen above. For example, it does not track issue updates or pages that are viewed by a user. Rather, the audit log is intended to record configuration changes that can impact users and projects. The full list of events recorded by JIRA applications can be seen below.

Viewing the audit log

  1. Log in as a user with the JIRA Administrators global permission.
  2. Choose  > System > Audit Log.
  3. The following events are audited:

    CategoryEvents
    Auditingauditing enabled, auditing disabled
    LDAP synchronizationLDAP synchronization
    User managementuser added, user removed, user changed
    Group managementgroup added, group removed, user added to group, user removed from group
    Project changesproject created, project removed, project updated
    Board changesboard created, board deleted
    Sprint changessprint deleted
    Permission changesscheme created, scheme copied, scheme removed, scheme edited, scheme assigned to a project, scheme unassigned from a project, permission added to scheme, permission removed from scheme, global permission added to a group, global permission removed from a group
    Workflow  changesscheme created, scheme copied, scheme removed, scheme edited, scheme assigned to a project, scheme unassigned from a project, workflow created, workflow copied, workflow removed, workflow renamed, workflow draft published
    Notification changesscheme created, scheme copied, scheme removed, scheme edited, scheme added to project, scheme removed from project, notification added to scheme, notification removed from scheme
    Screen changesscheme created, scheme copied, scheme removed, scheme edited, scheme added to project, scheme removed from project, screen added to scheme, screen removed from scheme, screen field configuration changed
    Custom field changescustom field created, custom field updated, custom field removed, scheme added to project, scheme removed from project
    Workflow changesStatus added, status updated, status deleted, transition added, transition updated, transition deleted

Notes:

  • The audit log cannot be sorted. Try exporting the data and opening it in a spreadsheet to manipulate the data.

Hiding external directory user events (LDAP/Crowd events)

By default, the audit log will display all recorded events. However, you can choose to hide external directory user events (those triggered by LDAP or Crowd) from view. These events are still recorded, and will still be available for export.

  1. Log in as a user with the JIRA Administrators global permission.
  2. Choose  > System > Audit Log
  3. Select Actions > Audit Log Settings.
  4. Check the Hide events from external user directories checkbox to hide the user events.

Modifying the audit log retention period

Auditing is always enabled in JIRA applications. However, you can configure how long audit events are retained.

  1. Log in as a user with the JIRA Administrators global permission.
  2. Choose  > System > Audit Log.
  3. Select Actions > Audit Log Settings.
  4. Choose your retention period.

Exporting the audit log

You can export the audit log as a text file. When you export the audit log, all the events are included in the export, even if you currently have filtered the audit log results in the page.

  1. Log in as a user with the JIRA Administrators global permission.
  2. Choose  > System > Audit Log
  3. Select Export.

Auditing and the REST API

The audit log can also be accessed via the REST API. You may use this to:

  • Export the audit log
  • Add events to the audit log triggered by external plugins

For more information on using the REST API, please refer to the JIRA REST documentation for your appropriate version of JIRA within the developer documentation here.

Last modified on May 8, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.