Audit Log Events in Confluence

Auditing in Confluence

On this page

Related content

Still need help?

The Atlassian Community is here for you.

Ask the community

This page outlines the auditing events available in Confluence Server and Data Center, and which events fall into each coverage level.

For more information about how auditing works, see Auditing in Confluence.

Definitions

Coverage area

A coverage area is a grouping of events related to a similar theme.

See definitions

Coverage area

Definition

Global configuration and administration

Logs instance or system admin activity around instance administration or configuration such as platform changes or upgrades to global settings.

User management

Logs activity around users, groups, memberships, and roles, such as adding and removing users and groups.

Permissions

Log activity around local and global permissions and configurations such as changing to anonymous access or updating group permissions.

Local configuration and administration

Logs admin activity around spaces, such as creating or deleting a space.

Security

Logs user actions related to security such as authentication, or granting access to a restricted page.

End user activity (Data Center only)

Logs end user activity on your site, such as user actions on a page (creating, editing, commenting), searching, or viewing pages.

Category

A category is a grouping of related events. Categories can belong to multiple coverage areas.

Coverage level

Coverage levels allow you to control which events are logged. Some levels are only available with a Data Center license.

See definitions


Coverage level

Definition

Off

Turns off logging for this coverage area.

Base

The lowest level of coverage. Logs only the core events. Base coverage provides a minimum level of insight into your site’s activity. If you have a Confluence Server license, this is the only coverage level available.

Advanced (Data Center only)

Logs all the events covered in Base, plus additional events.

Advanced coverage provides a more detailed record of your site’s activity.

Full (Data Center only)

The highest level of coverage available. Logs all events in Base and Advanced.

Depending on your site's activity, setting your coverage level to Full can generate a large volume of events, which can impact your database and disk space.


Global configuration and administration

Coverage level
Category
Events logged

Base

Global administration

Mail server created
Mail server deleted
Mail server edited
Max cache size changed
Licence updated
Global settings changed
Site import
Site export
Site logo changed
Favicon changed
Favicon reset to default
Custom stylesheet added
Custom stylesheet removed
Theme changed
Custom decorator modified
Color scheme modified
Color scheme type changed
Security configuration updated

Apps

App installed
App uninstalled
App enabled
App disabled
App module enabled
App module disabled

Page templates

Page template updated
Page template created
Page template deleted

Advanced

Global administration

Mobile apps configuration updated
Read-only mode configuration changed
Banner configuration changed
Collaborative editing mode changed
Synchrony restarted
Mail queue flushed
Mail queue: error queue re-sent
Mail queue: error queue deleted
Whitelist turned on
Whitelist turned off
Whitelist URL added
Whitelist URL removed
Whitelist URL updated
Security configuration updated
Application navigator link added
Application navigator link removed
Application navigator link updated
Scheduled job enabled
Scheduled job disabled
Scheduled job edited
Scheduled job run manually
Application link created
Application link edited
Application link removed
Rate limiting settings updated
Rate limiting exemption added
Rate limiting exemption removed
Rate limiting exemption edited
CDN configuration

Full

No additional events available

User management

Coverage level
Category
Events logged
Base

Users and groups

User created
User deleted
User renamed
User details updated
User requested password reset
Group created
Group deleted
User added to group
User removed from group
User directory created
User directory deleted
User directory updated

AdvancedUsers and groupsUser was invited to join site
FullNo additional events available

Permissions

Coverage level
Category
Events logged
Base

Permissions


Space permission removed
Space permission added
Global permission removed
Global permission added

AdvancedNo additional events available
FullNo additional events available

Local configuration and administration

Coverage level
Category
Event
Base

Pages and blogs

Page hierarchy copy started
Page hierarchy delete started

Import/Export

Space import
Space export
Space exported to PDF

Spaces

Space created
Space deleted
Space archived
Space unarchived
Space trash emptied
Space logo uploaded
Space logo enabled
Space logo disabled
Space logo deleted
Unknown update to space logo
Space configuration updated

Advanced

No additional events available

Full

No additional events available

Security

Coverage level
Category
Event
BaseAuditingAudit log search performed
Audit log exported
Audit log configuration updated

Advanced

Authentication

Secure admin access granted
Secure admin access request failed
Secure admin access dropped
User authorized external application access via OAuth tokens
User de-authorized external application access via OAuth token
User login failed*


Users and groups

Forgot password feature triggered
Forgot password feature triggered for unknown user


Security

User tried to access restricted page

Full

AuthenticationUser login successful
User logout

*We only track User login failed events if the authentication does not involve a redirect to an external identity provider. If a user tries to log in using SSO and fails, this event will not be logged. Most identity providers track these events in their own audit logs.

End user activity

DATA CENTER ONLY

Coverage level
Category
Events logged
BaseNo events available

Advanced

Pages and blogs

Blog post edit restriction added
Blog post edit restriction removed
Blog post view restriction added
Blog post view restriction removed
Blog post deleted
Blog post restored
Blog post purged from trash
Blog post version deleted
Page view restriction added
Page view restriction removed
Page edit restriction added
Page edit restriction removed
Page restored
Page deleted
Page version deleted
Page purged from trash
Attachment deleted
Attachment version deleted
Comment deleted

Import/ExportPage exported to PDF
Blog post exported to PDF
Page exported to Word
Blog post exported to Word

Full

Pages and blogs

Page created
Page edited
Blog post created
Blog post edited
Comment created
Comment edited
Inline comment created
Inline comment edited
Attachment downloaded
Attachment uploaded


Last modified on Jun 30, 2020

Was this helpful?

Yes
No
Provide feedback about this article

Related content

Powered by Confluence and Scroll Viewport.