Audit Log

The Audit Log panel in the VIP Dashboard provides visibility into what is happening in an organization or an application. An audit trail of all management actions on the platform allows compliance with internal and external regulatory standards, and provides insight for debugging, security, and incident investigation. 

Audit Logs are immutable and the reported data is retained for the lifetime of each customer.

Access the application view

All management actions that occur specific to that application are reported in the application’s Audit Log.

To access the application view of the Audit Logs panel:

1. Navigate to the VIP Dashboard for an application.
2. Select an environment from the environment dropdown located at the upper left of the VIP Dashboard.
3. Select “Logs” from the sidebar navigation at the left of the screen.
4. Select “Audit” from the submenu.

Access the organization view

All management actions that occur on all applications belonging to the organization are reported in the organization’s Audit Log.

To access the organization view of the Audit Logs panel:

1. Navigate to the VIP Dashboard for an organization.
2. Select “Audit Log” from the sidebar navigation at the left of the screen.

Structure of logged events

All recorded events display the following information:

Date & Time	When the event happened. Dates & times are shown in the local timezone of the person who is viewing the audit log screen. Hover over the time to see time in UTC.	Example: 12:20pm
Actor	The user who performed the event. This will be a user within the organization, a VIP Support user (denoted by a “(VIP)” after their name), or an automation bot (Platform Bot).	Example: John Newton
Description	A sentence describing the event.	Example: Added domain mytestdomain.com
Target	What was affected by the event. An environment, a user, or the organization.	Example: mytestsite/production

Additional relevant contextual information may be shown for some events.

Event permalinks

Each logged event has a unique and shareable permalink URL linked in the event’s timestamp. When the event’s permalink is selected, the Audit Log is filtered to display that event at the top of the list, and all prior events listed below it.

Types of logged events

Application and environment lifecycle	Application created
	Application retired
	Environment created
	Environment retired
	Environment launched
	A network site launch started on a WordPress multisite environment
	A network site launch completed on a WordPress multisite environment
Basic Authentication	Basic Authentication has been enabled
	Basic Authentication has been disabled
	A Basic Authentication username/password combination has been added
	A Basic Authentication username/password combination has been removed
	A Basic Authentication username/password combination has been updated
Codebase: Plugins	A user initiated a pull request to update a plugin
Data sync	A data sync was queued
Database Backups	A database backup was requested
	A database backup for a network site was requested
	A database backup was downloaded
	A database backup was started
Deployments	A rollback to a previous deployment was initiated
	A deployment was successful
	A deployment failed
Domains	A domain was added
	A domain was deleted
	A domain was set as primary
	A domain was updated
Environment variables	An environment variable was added
	An environment variable was updated
	An environment variable was deleted
GitHub repository	GitHub webhook is configured
	The associated GitHub repository or branch was updated
	GitHub deploy key added
	GitHub deploy key updated
	GitHub deploy key deleted
HSTS	HSTS settings have been updated
Imports	A SQL import was requested
	A media import was requested
	A media import was aborted
HTTP request Log Shipping	A log shipping configuration has been created
	A log shipping configuration has been updated
	A log shipping configuration has been deleted
	A log shipping configuration has been enabled
	A log shipping configuration has been disabled
IP Allow list	IP Allow list functionality has been enabled
	IP Allow list functionality has been disabled
	An IP or CIDR range has been added
	An IP or CIDR range has been removed
	The list of IPs and CIDR ranges has been updated
Media Backups	A media backup was started
	A media backup for a network site was started
	A media backup was downloaded
New Relic	A New Relic license key was added
	A New Relic license key was updated
	A New Relic license key was removed
Purge the page cache	One or more URLs were purged from the page cache
Single Sign-On	An identity provider (IdP) configuration was created
	An identity provider (IdP) configuration was updated
	Assertion encryption was enabled on an identity provider (IdP) configuration
	Assertion encryption was disabled on an identity provider (IdP) configuration
	Email domains for Single Sign-On were updated
	Enforce SSO for an organization was enabled
	Enforce SSO for an organization was disabled
Software Versions	A software update was started
TLS/SSL certificates	Let’s Encrypt certificates were enabled on a domain
	Let’s Encrypt certificates were disabled on a domain
	Let’s Encrypt configuration was changed
	A certificate was added
	A certificate was activated for a domain
	A certificate was deactivated for a domain
	A certificate was updated
	A certificate was deleted
VIP Dashboard access	A user created an invitation
	A user resent an invitation
	A user accepted an invitation
	A user canceled an invitation
	A user’s role was added
	A user’s role was updated
	A user’s role was removed
VIP Support user	A VIP Support user was created on the WordPress environment
WP-CLI commands	A WP-CLI command was run using VIP-CLI