Audit Log

The Audit Log feature enables you to track important operational changes in EMQX Cloud in real time. Through the Audit Log, EMQX Cloud root users and Auditors can easily see who performed critical operations, what actions were taken, when they occurred, and additional details about each action. It is an essential tool for meeting regulatory requirements and ensuring data security compliance.

Audit Log supports recording change-related operations from the EMQX Cloud console, deployment, and REST API, such as user logins and modifications to clients, access controls, and data integrations. However, read-only operations such as metrics retrieval and client list queries are not recorded.

EMQX Cloud provides an Audit Log tab on the Settings page to help root users and Auditors view and analyze audit records.

View Audit Logs

To view the content of the audit logs in the Cloud console, navigate to Settings -> Audit Logs.

You can filter and search log entries using the following criteria:

• Start – End: The time range during which the operation occurred.
• Type: The operation category, such as Login, LoginFailed, AccountChanged, etc.
• Operator: The account that performed the operation. You need to enter the account (email address) to search.

Below is an explanation for each column in the displayed audit log list:

• Time: When the operation occurred.
• Type: The category of the operation, such as PaymentMethodChanged, DeploymentCreated, DeploymentDeleted, DeploymentStopped, or Login.
• Operator: The user account that performed the operation.
• Account Type: The type of account used to perform the operation (for example, Administrator).
• IP: The IP address from which the operation was performed.
• Description: Additional details about the operation.