Admin Audit Log Formats

The Cisco Secure Access Admin Audit logs show the administrative changes to your organization's Secure Access settings. For information about the size of a log file, see Estimate the Size of a Log.

Table of Contents


Examples of Admin Audit Logs.

V8, V9 Log Samples

"","2021-07-22 10:46:45","[[email protected]](mailto:[email protected])","","logexportconfigurations","update","","version: 4","version: 5"

Order of Fields in Admin Audit Log

Note: Not all fields listed are found in most or all requests. When a field does not have a value, Secure Access sets the field to the empty string ("") in the log.

V8, V9 Log Formats

The CSV fields in the header row of the Admin Audit logs.

id,timestamp,email,user,type,action,logged in from,before,after
  • id—A unique identifier of the audit event.
  • timestamp—The date and time when this request was made in UTC. This is different than the Secure Access dashboard, which converts the time to your specified time zone.
  • email—The email of the user that triggered the event.
  • user—The account name of the user who created the change.
  • type—Where the change was made, such as settings or a policy.
  • action—The type of change made, such as Create, update, or Delete.
  • logged in from—The user's IP source.
  • before—The policy or setting before the change was made.
  • after—The policy or setting after the change was made.

Reports and CSV Formats < Admin Audit Log Formats > Cloud Firewall Log Formats