Learn about security solutions and standards
Care about security? We do too. Learn what Atlassian does and what you can do too.
The audit log tracks key activities that occur within Atlassian organization. Use these activities to diagnose problems or questions related to user details, product access, managed accounts, and organization settings.
Who can do this? |
The audit log includes activities for a specific time period. To save activities before they pass 180 days, export the audit log periodically.
Tracking user-created activity in the audit log is available when you upgrade your products to an Enterprise plan. What are Enterprise plans
By default audit log tracks user-created activity for all accounts: managed and unmanaged. User-created activity refers to actions users take like viewing or creating a Confluence page.
In admin.atlassian.com there are references to when a user was Last active. This refers to the last time the user viewed a product's page for a minimum of 2 seconds, which may differ from the audit logs activities.
You can choose whether or not to store user-created content in the audit log. When you update your activity settings in the audit log, you can see these changes in activity:
1. Stored
2. Not Stored
Stored user-created activity – you can see the Confluence page title and/or Jira issue identification in the audit log.
Not stored user-created activity – you’re unable to see the Confluence page title and/or Jira issue identification in the audit log.
Data residency isn’t available for the audit log.
You may want to exclude sensitive content from the audit log. You can do this by updating your activity settings in the audit log. Understand data residency
Go to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Audit log.
Select Activity settings.
Select Product > Stored to start storing user-created activity.
Select Product > Not stored to stop storing user-created activity.
Audit logs already exist in Jira Cloud and Confluence Cloud. Refer to the table to understand the different types of activities you can find in each audit log.
| Jira Cloud / Confluence Cloud | Atlassian Guard Standard | Atlassian Guard Premium | Cloud Enterprise |
---|---|---|---|---|
Example activities |
|
|
|
|
Scope | Each individual product | All sites and products added to the organization | All sites and products added to the organization | Jira and Confluence |
Storage | Determined by each product’s storage limits | Retain for 180 days | Retain for 180 days | Retain for 180 days |
With Atlassian Guard Premium and Cloud Enterprise, you can register and stream audit log activities to a designated URL. Explore product audit logs in the Jira admin or Confluence admin documentation.
The audit log includes these types of activities.
Type | Activity explanation |
---|---|
Site & product users | Actions that admins complete for users with product access, typically from the Users page or an individual user’s details page. |
Groups | Actions that admins complete, typically from the Groups or Product access pages. |
Organization | Actions that organization admins complete, related to settings or other organization pages. |
Security policies | Actions that organization admins take related to the organization’s security policies. |
User accounts | Actions that the organization's managed accounts take with their own accounts. |
To see a detailed list of the Bitbucket Cloud audit log events, refer to Bitbucket Cloud audit log events.
To access your organization's audit log:
Go to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Audit log.
You need to be an organization admin to do this.
You’ll see a table of activities, organized by the date and time the activity happened and the actor who took the action. The actor may be a user or the Atlassian system.
It may take a few minutes for new activities to appear in the audit log.
The audit log lists activities that go as far back as 180 days.
Go to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Audit log.
Enter your search criteria in the text field. You can search for activities with users' names, email addresses, group names, or site names. You must enter an exact term.
Narrow the search results by specifying the dates and activity.
Click Apply to search.
When you export a log, you receive an email with a CSV file to download. The CSV file will include up to 10,000 activities. If you’re using the search or filter options when you export, the CSV file will only include the filtered activities.
You can also use the organizations REST API to access and save audit log activities. See our API documentation for more details.
Go to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Audit log.
Click Export log in the top right.
From the dialog, click Export.
You’ll receive an email called Your audit log is ready to download. From the email, click Download audit log to download the CSV file.
The download link in the email expires one day later. If you don’t download the CSV file right away, you can export the log again.
Was this helpful?