Auditing in JIRA

About auditing in JIRA

The auditing feature tracks key activities in JIRA. These activities are recorded in an audit log that can be viewed in the JIRA administration console. This can be a handy tool in helping you diagnose problems in JIRA or used for security purposes.

The following information is audited by JIRA:

  • user management
  • group management
  • project changes
  • permission changes
  • workflow changes
  • notification scheme changes
  • custom field changes
  • component changes
  • version changes

The audit log is not intended to record all activity in JIRA, as can be seen above. For example, it does not track issue updates or pages that are viewed by a user. Rather, the audit log is intended to record configuration changes that can impact users and projects. The full list of events recorded by JIRA can be seen below.

On this page:

Viewing the audit log

To view the audit log in JIRA:

  1. Log in as a user with the JIRA Administrators global permission.
  2. Choose  > System > Audit Log.
    (tick) Keyboard shortcut: g + g +  type Audit log
  3. The following events are audited:

    Category Events
    User management user added, user removed, user changed
    Group management group added, group removed, user added to group, user removed from group
    Project changes project created, project removed, project updated, project category changed, project avatar changed
    Permission changes scheme created, scheme copied, scheme removed, scheme edited, scheme assigned to a project, scheme unassigned from a project, permission added to scheme, permission removed from scheme, global permission added to a group, global permission removed from a group
    Workflow  changes scheme created, scheme copied, scheme removed, scheme edited, scheme assigned to a project, scheme unassigned from a project, workflow created, workflow copied, workflow removed, workflow renamed, workflow draft published
    Notification changes scheme created, scheme copied, scheme removed, scheme edited, scheme added to project, scheme removed from project, notification added to scheme, notification removed from scheme
    Custom field changes custom field created, custom field updated, custom field removed, scheme added to project, scheme removed from project
    Component changes component created, component edited, component deleted
    Version changes version created, version edited, version deleted, version merged, version archived/unarchived, version released/unreleased

Notes:

  • The date and time displayed by the audit log is based on the timezone of the host JIRA server, and not on the viewer's timezone.
  • The audit log cannot be sorted. Try exporting the data and opening it in a spreadsheet to manipulate the data.

Hiding external directory user events (LDAP/Crowd events)

By default, the audit log will display all recorded events. However, you can choose to hide external directory user events (those triggered by LDAP or Crowd) from view. These events are still recorded, and will still be available for export.

  1. Log in as a user with the JIRA System Administrators global permission.
  2. Choose  > System > Audit Log
    (tick) Keyboard shortcutg + g +  type Audit log
  3. Select Actions > Audit Log Settings.
  4. Check the Hide events from external user directories check box to hide the user events.

Modifying the audit log retention period

Auditing is always enabled in JIRA. However, you can configure how long audit events are retained.

  1. Log in as a user with the JIRA System Administrators global permission.
  2. Choose  > System > Audit Log.
    (tick) Keyboard shortcut: g + g +  type Audit log
  3. Select Actions > Audit Log Settings.
  4. Choose your retention period.

Exporting the audit log

You can export the audit log as a text file. When you export the audit log, all the events are included in the export, even if you currently have filtered the audit log results in the page.

  1. Log in as a user with the JIRA System Administrators global permission.
  2. Choose  > System > Audit Log.
    (tick) Keyboard shortcut: g + g +  type Audit log
  3. Select Export.

Auditing and the REST API

The audit log can also be accessed via the REST API. You may use this to:

  • Export the audit log
  • Add events to the audit log triggered by external plugins

For more information on using the REST API, please refer to the JIRA REST documentation for your appropriate version of JIRA within the developer documentation here.

Was this helpful?

Thanks for your feedback!

Why was this unhelpful?

Have a question about this article?

See questions about this article

Powered by Confluence and Scroll Viewport