About Audit Log

The Audit Log feature, Administration > Audit Log, tracks system configuration and run time changes in an audit trail. This provides the ability to report and correlate failures with configuration changes which can be very useful since a majority of system failures are due to configuration changes. The audit facility reports on changes from various areas in GroundWork Monitor including Status, Cloud Hub, Downtime, and configuration applications. Audit Log lists the most recent activity first and includes the subsystem used, the host or group, service, action, user who issued the change, and the time of the change.

Tracking System Changes

Filtering Activity

The user interface lists activity that can be filtered. Filters include the name of a Sub System (e.g., CloudHub, GORT, Monarch, Users, Metrics, TCG), Host or Group Name(e.g., cadvisor:8098), Service DescriptionUser Name (e.g., guest), and part of an activity Message text (e.g., docker). A Date-Time Range can also be used in filtering specific activity. Clicking a column title sorts the list by ascending or descending order.

For example if you want to list GroundWork Messenger notifications sent for the service cpu, you would enter Sub System: GORT, Service Description: cpu, and select the Filter button. Of course you could narrow down the results further by adding a host or group name, user name, and a date and time range, and even text that may be in a message.
audit log filters

Log Content

The following table describes each of the columns content in the audit log: 

Column NameDescription

Activity Message

Displays the textual description of the change that has been made.


Indicates where the change occurred, the subsystem the audit action is logged for, (e.g., Console, SV (Status Viewer), Monarch, CloudHub).

Host or Group 

Indicates the name of the host or group associated with the change, the host or group name the audit is logged for.


Indicates the name of the service or instance of the change.


Lists the audit action logged (e.g., ACTION, ADD, DELETE, MODIFY, ENABLE, DISABLE).


Displays the name of the user that performed the audited action.


Indicates the date and time the audit action was logged. 

Related Resources