Auditing in JIRA
About auditing in JIRA
The auditing feature tracks key activities in JIRA. These activities are recorded in an audit log that can be viewed in the JIRA administration console. This can be a handy tool in helping you diagnose problems in JIRA or used for security purposes.
The following information is audited by JIRA:
- user management
- group management
- project changes
- permission changes
- workflow changes
- notification scheme changes
- custom field changes
- component changes
- version changes
The audit log is not intended to record all activity in JIRA, as can be seen above. For example, it does not track issue updates or pages that are viewed by a user. Rather, the audit log is intended to record configuration changes that can impact users and projects. The full list of events recorded by JIRA can be seen below.
Viewing the audit log
To view the audit log in JIRA:
- Log in as a user with the JIRA Administrators global permission.
- Choose
> System > Audit Log. 
Keyboard shortcut: g + g + type Audit log The following events are audited:
Category Events User management user added, user removed, user changed Group management group added, group removed, user added to group, user removed from group Project changes project created, project removed, project updated, project category changed, project avatar changed Permission changes scheme created, scheme copied, scheme removed, scheme edited, scheme assigned to a project, scheme unassigned from a project, permission added to scheme, permission removed from scheme, global permission added to a group, global permission removed from a group Workflow changes scheme created, scheme copied, scheme removed, scheme edited, scheme assigned to a project, scheme unassigned from a project, workflow created, workflow copied, workflow removed, workflow renamed, workflow draft published Notification changes scheme created, scheme copied, scheme removed, scheme edited, scheme added to project, scheme removed from project, notification added to scheme, notification removed from scheme Custom field changes custom field created, custom field updated, custom field removed, scheme added to project, scheme removed from project Component changes component created, component edited, component deleted Version changes version created, version edited, version deleted, version merged, version archived/unarchived, version released/unreleased
Notes:
- The date and time displayed by the audit log is based on the timezone of the host JIRA server, and not on the viewer's timezone.
- The audit log cannot be sorted. Try exporting the data and opening it in a spreadsheet to manipulate the data.
Hiding external directory user events (LDAP/Crowd events)
By default, the audit log will display all recorded events. However, you can choose to hide external directory user events (those triggered by LDAP or Crowd) from view. These events are still recorded, and will still be available for export.
- Log in as a user with the JIRA System Administrators global permission.
- Choose > System > Audit Log. Keyboard shortcut: g + g + type Audit log
- Select Actions > Audit Log Settings.
- Check the Hide events from external user directories check box to hide the user events.
Modifying the audit log retention period
Auditing is always enabled in JIRA. However, you can configure how long audit events are retained.
- Log in as a user with the JIRA System Administrators global permission.
- Choose > System > Audit Log. Keyboard shortcut: g + g + type Audit log
- Select Actions > Audit Log Settings.
- Choose your retention period.
Exporting the audit log
You can export the audit log as a text file. When you export the audit log, all the events are included in the export, even if you currently have filtered the audit log results in the page.
- Log in as a user with the JIRA System Administrators global permission.
- Choose > System > Audit Log. Keyboard shortcut: g + g + type Audit log
- Select Export.
Auditing and the REST API
The audit log can also be accessed via the REST API. You may use this to:
- Export the audit log
- Add events to the audit log triggered by external plugins
For more information on using the REST API, please refer to the JIRA REST documentation for your appropriate version of JIRA within the developer documentation here.