Graylog Enterprise

More functionality for your Graylog cluster

Introduction to Audit Log - Graylog Enterprise

Securing your computer system just got easier with Graylog's Audit Log feature in Graylog Enterprise. With compliance in mind, Audit Log allows you to track user changes in Graylog and record all state changes into the database. In addition, you can search, filter, and export all audit log entries.

How it works

The Audit Log plugin automatically records user actions and directly stores it in Graylog's MongoDB database. You have the ability to set the length of time the actions will be saved in your Graylog configuration file.

Audit log events


The Graylog Audit Log plugin also includes a section in the web interface where you can view your stored events, search for specific events with an advanced query language, and export the results into a JSON or CSV file. In addition, you can always use Graylog's REST API to extract your data in a file to be viewed from anywhere.

Frequently Asked Questions

Where can I store the audit log?

You can store your audit logs in either MongoDB or a file in your server's file system. We highly recommend that you keep the default database storage as it is easier to write and collect your audit log entries.

Can I export CSV or JSON files with the audit log entries?

Yes, there are two methods to export the audit log entries. You can use the Graylog web interface, or if you wish to export programmatically, you can use Graylog's REST API.

How many days are my audit log entries stored?

You can customize the length of time your log entries are stored in your configuration. By default, entries will be stored for 365 days.

Can I search through my logs for a certain event?

Yes! You can search for a certain event either in the Graylog web interface or programmatically with our REST API.

Read more in the documentation


Back to Graylog Enterprise