Viewing Admin Logs
From the Logs area (Admin > Logs), you can view a history of actions within your vault. There are multiple pages in this area, each of which displays the history for a distinct type of action.
How to Export Audit Logs
To export audit logs:
- Open the page for the data you wish to export (system, object records, etc.).
- Set a date range using the Quick history drop-down. You can also choose a range by entering dates and clicking Get History.
- Click on the Actions menu (represented by a gear icon) and choose CSV, Text, or PDF. Note that CSV is only available if you use Vault in English, and TXT is only available if you use Vault in another language.
The exported CSV file shows information in a slightly different format. For example, the Event Description field does not exist in the export, but the export provides more detail on the changes.
When you export as PDF, Vault adds page numbers and a cover page to the PDF. Admins with the correct access can modify the cover page template. All audit histories and audit trails use the same Audit Export Cover Page template.
About Export Limits
Vault includes limits on how many days of results you can view and export in a single request. If you need to export a longer history, you can export multiple times, changing the date filter each time.
- System Audit History: Up to 31 days of results
- Login Audit History: Up to 14 days (two weeks) of results
- Domain Audit History: Up to 14 days (two weeks) of results
- Object Record Audit History: No limit
- Debug Log: Up to 30 days of results per log
- API Usage Logs: Up to 1 day of results at a time, with a maximum of 30 days in the past
System Audit History
The System Audit History page displays vault-level configuration and settings changes, for example, updates to workflows or object configurations. For each event, you can see the timestamp, user making the change, affected item, and description.
Login Audit History
The Login Audit History page displays user authentication events, including users’ logins, failed login attempts, and password changes. For each event, you can see the timestamp, user’s login name, originating IP address, type of event, user’s browser, and user’s platform.
Users exist at the domain level and a user login occurs at the domain level. Login Audit History shows vault-level authentication events each time a user accesses the current vault. In some situations, it also shows the domain-level authentication.
The Type field tells you which kind of event occurred:
- Enterprise Home Authentication identifies a domain-level login event. If there is no additional Vault Authentication event, this user did not access the current vault.
- Vault Authentication appears when a user accessed the current vault, after logging into another vault or logging into My Vaults.
- User Login means that a user logged in directly to the current vault. This type also appears for unsuccessful logins (wrong passwords, etc.).
- SSO Login indicates that a user logged in using a single sign-on security policy.
Last Login Information
The easiest way to find the last login date and time for a specific user is from Admin > Users & Groups > Users.
Object Record Audit History
The Object Record Audit History page displays all changes to object records. For each event, you can see the timestamp, user’s login name, affected item, and description.
Domain Audit History
The Domain Audit History page displays changes that occur at the domain level, including updates to user details, security policies, and network access rules. For each event, you can see the timestamp, user making the change, affected item, and description. Note that the Domain Audit History events are the same when viewed from any vault in the domain.
The Debug Log captures details about Vault Java SDK errors, which may be errors in your custom code or errors which result from exceeding governance limits. To inquire about Vault Java SDK solutions, contact Veeva Services.
API Usage Logs
The API Usage Logs capture daily API usage information. Up to 30 days of logs are stored. Note that the logs may have a delay up to 10 minutes.
From the Actions menu you can download a daily log as a CSV or Logfile, which contains the following information:
- timestamp: The date and time of this API request, in UTC.
- session_id: The Session ID of the user who made the request.
- user_id: The ID of the user who made the request.
- username: The Vault user name of the user who made the request.
- http_method: The REST HTTP Method of the request, for example, POST.
- endpoint: The Vault REST API endpoint used for this request.
- http_response_status: The HTTP response status of the request, for example, 200. Status codes are issued by a server in response to a browser’s request.
- api_version: The Vault REST API version used for this request, for example, v18.1. This value is blank for calls to the Authentication endpoint.
- api_response_status: The API response status, for example, SUCCESS.
- api_response_error_type: The API response error type, for example,
- transaction_id: The request transaction ID, which includes the vault ID.
- client_id: The client ID passed with this request. If the API request did not include a client ID, this value will be
unknown. If the API received a
client_idwhich was incorrectly formatted, this value will be
invalid_client_id. Learn more about Client Ids in the Developer Portal.
- client_ip: The IP address of the client, which is where the call originated.
- burst_limit_remaining: The number of API calls remaining in your bust limit. Learn more about API Limits in the Developer Portal.
- daily_limit_remaining: The number of API calls remaining in your daily limit. Learn more about API Limits in the Developer Portal.