About logs
Feature availability depends on the cloud platform that you use. For details, refer to the Feature availability page.
The Audit Logs capabilities can offer two concurrent experiences for managing and exporting organizational audit data: the unified logs experience and the classic logs experience.
Both experiences provide visibility into platform activity, helping you monitor usage, ensure compliance, and analyze operational events across your organization.
Unified logs
The unified logs experience provides a centralized view of audit logs across most UiPath services that are onboarded to the unified framework. Unified logs experience supports filtering, exporting logs for the last 90 days as a CSV file, and exporting up to two years of data through a custom script.
The unified logs experience also includes audit logs at the tenant level for tenant-specific services, offering a broader and more consistent view of activity across the platform.
The following UiPath services have been onboarded to the unified logs experience:
- Access policy management, Authorization, and other administration services
- Apps
- Automation Ops
- Data Fabric
- Document Understanding
- Integration Service
- Licensing
- Test Manager
Audit logs
Audit logs in Automation Cloud provide a centralized, secure, and scalable way to track key activities across your organization. Administrators can use audit logs to maintain compliance, monitor user actions, and support security investigations.
Audit logs give you access to the following capabilities:
- Advanced filtering and search: You can use filters and search tools to quickly locate specific events. You can search by the following criteria: time range, user, source, category, action, status, IP address, and perform text search.
note
You can view audit logs from the past 90 days.
- Export options: You can export audit logs to CSV for external storage or analysis, via the Export option, the Audit Logs APIs, or via a dedicated UiPath script.
note
You can export up to 100,000 rows, with data for up to 90 days being available.
- Multi-scope visibility: Audit logs are available at both organization and tenant levels.
Organization administration
Organization-level audit logs capture action performed in organization-scoped services. This includes operations such as identity management, directory sync, user and group administration, and organization-wide settings.
As an organization administrator, you can view audit logs by going to Admin > Organization > Audit Logs.
The following table lists the audit events generated by organization-scoped services that you can view in Automation Cloud:
| Source | Category | Activity |
|---|---|---|
| Access Policy | Ip Configuration | Created a new Ip Configuration, Deleted an Ip Configuration, Delete all Ip Configurations, Update the Ip Configurations |
| Access Policy | Ip Configuration Status | Created a new Ip Configuration Status, Deleted an Ip Configuration Status, Updated the Ip Configuration Status |
| Access Policy | AccessPolicy | AccessPolicy Is Evaluated |
| Admin | User Administration | Invite User, Delete User, Update User Details |
| Admin | Robot Administration | Create, Update, Delete Robot Account |
| Admin | Group Administration | Create, Update, Delete Group, Create/Update/Delete Group Membership Rule |
| Admin | External Application Admin | Register, Update, Delete External App, Create/Delete Secret, Generate New Secret, Create/Delete/Regenerate Personal Access Token, Create/Update/Delete Federated Credential |
| Admin | Directory Administration | Create, Update, Delete Directory Connection |
| Admin | Security Settings | Update Encryption Key, Authentication Setting, Access Restriction Setting |
| Admin | Organization Administration | Create, Update, Delete Org and Org Settings |
| Admin | Tenant Administration | Create, Update, Enable, Disable Tenant |
| Directory Sync | Org Membership | User Auto-Joined Org, User Details Auto-Updated, User Auto-Deleted from Org |
| Directory Sync | Group Management | Group Auto-Created, Group Auto-Updated, Group Auto-Deleted |
| Group Management | Group Membership | User Manually Added/Removed from Group, User Auto-Added/Removed from Group |
| Identity | Authentication | User Login, Robot Login, External App Login |
| Identity | User Account | Changed Password, Reset Password, Reset Password Email Sent, Linked Accounts |
| Organization Management | Org Membership | User Manually Joined Org, User Manually Removed from Org |
Apps
This section describes the audit log actions recorded for Apps, under the App Management category. For each action, the following table lists what action is logged and the captured information.
Table 1. Apps logged actions
| Action | Description | Logged information |
|---|---|---|
| Create App | A user has successfully created an App . | User email, App name, creation date |
| Clone App | A user has successfully cloned an App. | User email, Original App name, Cloned App name, clone date |
| Delete App | A user has successfully deleted an App. | User email, App name, deletion date |
| Export App | A user has successfully exported an App. | User email, App name, export date |
| Import App | A user has successfully imported an App. | User email, App name, import date |
| Share App | A user has successfully shared an App. | User email, App name, share date |
Automation Ops
This section describes the unified audit experience log actions recorded for Automation Ops, specifically for the Governance, Manage Feeds, Pipelines, and Source control audit sources. For each action, the following table lists what action is logged and the captured information:
| Category |
Action |
Description |
Logged Information |
|---|---|---|---|
| Policy management |
Created policy |
A user successfully creates a new policy. |
Policy name, license name, product name, policy data, priority, availability. |
| Policy management |
Edited policy |
A user successfully edits an existing policy. |
For both the original policy and the edited policy: name, product name, license name, policy data, priority, availability. |
| Policy management |
Edited product policy version |
A user performs a successful upgrade / downgrade of a policy template Each per-product edit is tracked in a separate log, regardless of whether or not it is the result of a bulk action. |
Product name, old template version, new template version (major.minor.patch). |
| Policy management |
Deleted policy |
A user successfully deletes a policy. |
Policy name, product name, license name, policy data, priority, availability. |
| Deployment management |
Deployed tenant policy |
A user successfully deploys one or more policies at tenant level. Each per-product edit is tracked in a separate log, regardless of whether or not it is the result of a bulk action. |
Policy name or No policy / Inherit , license name, product name, tenant name. |
| Deployment management |
Deployed group policy |
A user successfully deploys one or more policies at group level. It includes all actions that can affect the deployment settings:
Each per-product edit is tracked in a separate log, regardless of whether or not it is the result of a bulk action. |
Policy name or No policy / Inherit , license name, product name, group name. |
| Deployment management |
Deployed user policy |
A user successfully deploys one or more policies at user level. It includes all actions that can affect the deployment settings:
Each per-product edit is tracked in a separate log, regardless of whether or not it is the result of a bulk action. |
Policy name or No policy / Inherit , license name, product name, user name. |
| Connection Management |
Created GitHub connection | A user successfully creates a new connection to GitHub. |
Organization name (GitHub) / Account Id |
| Connection Management |
Created Azure connection | A user successfully creates a new connection to Azure. | Account Id + Account name |
| Connection Management |
Deleted GitHub connection | A user successfully removes a new connection to GitHub. | Organization name |
| Connection Management |
Deleted Azure connection | A user successfully removes a new connection to Azure. | Account Id + Account name |
| Connection Management |
Connection synced | The connection to an external provider is updated. |
Organization name (GitHub) / Account Id + Account name (Azure) |
| Feeds management |
Added custom feed |
A user adds a custom feed. |
Feed name, type, URL, security method, description. |
| Feeds management |
Deployed feed to tenant |
A user deploys a feed to a tenant. |
Feed name and URL, tenant name. |
| Feeds management |
Removed deployed feed from tenant |
A user removes a feed from a tenant. |
Feed name and URL, tenant name. |
| Feeds management |
Removed custom feed |
A user deletes a feed. |
Feed name, type, URL, security method, description. |
| Feeds management |
Updated Feed |
A user updates the details of a feed. |
For both the original feed and the edited feed: name, type, URL, security method, description, tags. |
| Package management |
Uploaded package to feed |
A user uploads a package to a feed. |
Package name and version, feed name and URL. |
| Package management |
Removed package from feed |
A user removes a package from a feed. |
Package name and version, feed name and URL. |
| Package management |
Duplicated package to feed |
A user copies a package from one feed to another. |
Package name and version, name and URL of source and destination feeds. |
| Pipeline management |
Created pipeline | A user created a pipeline. | User email, pipeline name and ID, flow ID, pipeline arguments, run selection, creation date |
| Pipeline management |
Edited pipeline | A user edited a pipeline. | User email, pipeline name and ID, flow ID, pipeline arguments, run selection, update date |
| Pipeline management |
Deleted pipeline | A user deleted a pipeline. | User email, pipeline name and ID, flow ID, pipeline arguments, run selection, deletion date |
| Environment management |
Initial pipeline setup | A user initially sets up a pipeline. | User email, pipeline name and ID, flow ID, pipeline arguments, run selection |
| Environment management |
Deleted runtime settings | A user deletes runtime settings. | User email, pipeline name and ID, flow ID, pipeline arguments, run selection, deletion date |
Licensing
This section outlines the audit log entries recorded for licensing-related activities, specifically for the License Accountant and License Resource Manager sources. Logged actions are grouped under the License Management category.
The table below provides details about each recorded action, including the event type and the logged information captured in the audit log.
Table 2. Licensing logged actions
| Action | Description | Logged information |
|---|---|---|
| Direct license allocation to user | A user allocated a license directly to another user. | User email, license type, recipient email, allocation date and time |
| Group rule license allocation to user | A license was automatically allocated to a user based on a group allocation rule. | User email, user group name, license allocation rule, recipient email, allocation date and time |
| Updating group rule license allocation | A user updated the license allocation rule for a user group. | User email, user group name, licenses added to the rule, update date and time |
| Upgrade license to trial | A user upgraded the organization license to a trial. | User email, trial name, upgrade date and time |
| Product quantity changed | A user changed the quantity of product licenses in the organization. | User email, organization name, updated product quantity, change date and time |
| Activate license | A user activated a license for the organization. | User email, organization name, license type, activation date and time |
| Update license | A user updated the organization license. | User email, organization name, license type, update date and time |
| Deactivate license | A user deactivated the organization's license. | User email, organization name, license type, deactivation date and time |
| Host allocated products to hosted organizations | A user allocated host licenses to an organization. | User email, organization name, license number, license types, allocation date and time |
| Request trial per SKU license | A user requested a trial per SKU license. | User email, trial per SKU license, request date and time |
| Disable trial per SKU license | A user disabled a trial per SKU license. | User email, trial per SKU license, disabling date and time |
| Create user group quota | A user created a quota for a user group. | User email, user group name, quota, creation date and time |
| Update user group quota | A user updated an existing user group quota. | User email, user group name, updated quota, update date and time |
| Delete user group quota | A user deleted a user group quota. | User email, user group name, deletion date and time |
Tenant administration
Tenant-level audit logs include events from tenant-scoped services, such as roles, services, and tenant settings.
To view audit logs for organization administrator, go to Admin, select your tenant, then choose Audit Logs.
The following table lists audit events generated by tenant-scoped services, including service management and role assignments within individual tenants.
| Source | Category | Activity |
|---|---|---|
| Admin | Tenant Administration | Enable, Disable, Remove Service in Tenant |
| Admin | Role Administration | Add, Remove, Update User Role |
Apps
This section describes the audit log actions recorded for Apps, under the App Management category. For each action, the following table lists what action is logged and the captured information.
Table 3. Apps logged actions
| Action | Description | Logged information |
|---|---|---|
| Publish App | A user has successfully published an App. | User email, App name, Folder name where the App was published |
| Deploy App to a Folder | A user has successfully published an App. | User email, App name, Orchestrator folder name. |
Data Fabric
To export Data Fabric audit logs at tenant level, take the following steps:
- Log in to Test Cloud.
- Navigate to Admin.
- Select your tenant, and then select Audit logs.
- Search and select DataFabric from the Source filter.
- Select Export to download the audit log
.csvfile.
The following actions are audited:
- Create
- Update
- Delete entities
- Entity fields
- Entity records
note
For record-level actions (Create, Update, Delete), audit logs show that a change occurred, but do not display the actual data values.
Document Understanding™
The Audit logs page displays the audit trail for actions performed by entities in Document Understanding™.
Audit logs for the Document Understanding™ service are available in Automation Cloud Admin > Audit Logs at tenant level.
The following table lists all the Document Understanding-specific events logged in Audit logs.
| Category | Action | Description | Logged information |
|---|---|---|---|
| Project operations | Create project | A user creates a new project. |
|
| Update project | A user edits the settings of a project. |
|
|
| Delete project | A user deletes a project. |
|
|
| Project versions | Create project version | A user creates a project version. |
|
| Edit project version | A user edits a project version. |
|
|
| Deploy project version | A user deploys a project version. |
|
|
| Undeploy project version | A user undeploys a project version. |
|
|
| Delete project version | A user deletes a project version. |
|
Integration Service
This section describes the Integration Service events that are recorded in the audit log.
Each log entry contains the following information:
- Date and time when the action was performed
- IP address
- User who performed the action
- Source (IntegrationService)
- Category (Connection Management)
- Action
- Status (Success or Failure)
See the following table for a list actions and the details logged for each one.
| Action | Description | Log details |
|---|---|---|
| Create Connection | A user creates a new connection. | Connection ID, Connector, Connection name, Folder key, Operation. |
| Update Connection | A user updates an existing connection. | Connection ID, Connector, Connection name, Folder key, Operation. |
| Delete Connection | A user deletes a connection. | Connection ID, Connector, Connection name, Folder key, Operation. |
Licensing
This section outlines the audit log entries recorded for licensing-related activities, specifically for the License Accountant and License Resource Manager sources. Logged actions are grouped under the following categories:
- License Allocation
- License Management
The table below provides details about each recorded action, including the event type and the logged information captured in the audit log.
Table 5. Licensing logged actions
| Category | Action | Description | Logged information |
|---|---|---|---|
| License Allocation | Configure fallback to tenant allocated Robot Units. | A user has configured a fallback to Robot Units available at the tenant level. | User email, configuration date |
| License Management | Update tenant allocated product quantities | A user has updated the number of licenses for a tenant service | User email, license type, updated quantity, update date |
Test Manager
This section describes the audit log actions recorded for Test Manager, under the available categories. For each action, the following table lists what action is logged and the captured information.
Table 6. Test Manager log actions
| Action | Description | Logged information |
|---|---|---|
| Project | ||
| Create project | A user successfully created a Test Manager project. | User email, project name, project prefix, creation date, project admin status (IsAdmin). |
| Update project | A user made changes within a Test Manager project, such as CRUD operations on any test artifact. | User email, project name, project prefix, update date, project admin status (IsAdmin), old values, new values. |
| Delete project | A user successfully deleted a Test Manager project. | User email, project name, project prefix, deletion date, project admin status (IsAdmin). |
| Import project | A user triggered the import of a project into Test Manager. | User email, project name, project prefix, import date, project admin status (IsAdmin), import status, import details, error codes or messages (in case of import failure). |
| Export project | A user triggered the export of a Test Manager project. | User email, project name, project prefix, export date, project admin status (IsAdmin), export status, export details, error codes or messages (in case of export failure). |
| Test Case | ||
| Create test case | A user successfully created a Test Manager test case. | User name, user email, user role, test case name, test case ID, creation date and time (timestamp). |
| Update test case | A user made changes within a Test Manager test case: editing fields, adding files, performing CRUD operations on manual steps, linking or unlinking automation to a test case, assigning requirements to test cases. | User name, user email, user role, test case name, test case ID, changes made (old_value to new_value), updated date and time (timestamp). |
| Delete test case | A user successfully deleted a Test Manager test case. | User name, user email, user role, test case name, test case ID, deletion date and time (timestamp). |
| Test Set | ||
| Create test set | A user successfully created a Test Manager test set. | User name, user email, user role, test set name, test set ID, creation date and time (timestamp). |
| Update test set | A user made changes within a test set in Test Manager: addition of documents, added custom fields, enforced an execution order. | User name, user email, user role, test set name, test set ID, changes made (old_value to new_value), updated date and time (timestamp). |
| Delete test set | A user successfully deleted a Test Manager test set. | User name, user email, user role, test set name, test set ID, deletion date and time (timestamp). |
| Requirement | ||
| Create requirement | A user successfully created a Test Manager requirement. | User name, user email, user role, requirement name, requirement ID, creation date and time (timestamp). |
| Update requirement | A user made changes within a Test Manager test case: editing name and description, editing custom field definitions, addition of documents, assignment of test cases. | User name, user email, user role, requirement name, requirement ID, changes made (old_value to new_value), updated date and time (timestamp). |
| Delete requirement | A user deleted a Test Manager requirement. | User name, user email, user role, requirement name, requirement ID, deletion date and time (timestamp). |
| Custom Field | ||
| Create custom field definition | A user created a Test Manager custom field definition. | User name, user email, name of custom field definition, ID of custom field definition, object type, data type, default value, value hints, creation date and time (timestamp). |
| Update custom field definition | A user made changes within a custom field definition in Test Manager: data type, object type, value hints, default value. | User name, user email, name of custom field definition, ID of custom field definition, changes made (old_value to new_value), updated date and time (timestamp). |
| Delete custom field definition | A user deleted a Test Manager custom field definition. | User name, user email, name of custom field definition, ID of custom field definition, deletion date and time (timestamp). |
| Users and groups | ||
| Assign users and groups to project | A user assigned users and groups to a Test Manager project. | User name, user email, user role, group name, group ID, roles, added by name, added by email, added by date & time. |
| Edit user roles | A user edited Test Manager roles. | User name, user email, user role, group name, group ID, changes made (old_value to new_value), edited by name, edited by email, update date & time. |
| Remove users and groups from project | A user removed users and groups from a Test Manager project. | User name, user email, user role, group name, group ID, roles, changes made (old_value to new_value), removed by name, removed by email, deleted date & time. |
Robot logs
The robot logs found at Orchestrator's folder level are useful to monitor the executions of every robot from a specific folder.
You need the specific folder permission to manage the logs .
Robot logs are kept for a maximum of 31 days by Orchestrator.
If you need these logs for longer, you can periodically export logs to:
- your local storage
- third-party cloud storage.
For instructions, refer to Exporting logs .
Retention periods
The retention periods for events captured in the unified logging experience are as follows:
- CSV export (via the UI): 90 days
- Long-term export (via the UiPath export script or Audit Logs APIs):
- 5 years for Enterprise plans or tiers
- 2 years for all other plans or tiers
Classic logs
The classic logs experience provides a simpler audit log view, covering primarily platform services and Automation Ops events. You can export logs as a CSV file for up to 5.000 entries at a time.
The classic logs experience is maintained for compatibility with existing workflows and offers a straightforward way to review key administrative and service-level activities.
Audit logs
Audit logs are a special type of logs that help to gain insight into events that happened within your organization. It answers the who, when, and where for every event, and it allows you to keep track of important changes.
When extracting audit logs, only the last 5000 entries are downloaded.
Organization administration
Feature availability depends on the cloud platform that you use. For details, refer to the Feature availability page.
The Audit Logs page captures actions performed from the Admin pages and log in activity for the organization. This includes user log in activity, license upgrades, any changes made to your tenants, refresh of an API key, and more.
As the organization administrator, you can view the audit logs by going to Admin > Organization > Audit Logs.
Each audit log entry is kept approximately 30 days in the case of Community accounts, and for two years for Enterprise.
To keep the logs beyond this limit, we recommend to periodically archive them as CSV files to your local storage. Select Download to export the audit logs.
Automation Ops
For information on Automation Ops classic logs, refer to the Logging page in the Automation Ops guide.
Robot logs
The robot logs found at Orchestrator's folder level are useful to monitor the executions of every robot from a specific folder.
You need the specific folder permission to manage the logs .
Robot logs are kept for a maximum of 31 days by Orchestrator.
If you need these logs for longer, you can periodically export logs to:
- your local storage
- third-party cloud storage.
For instructions, refer to Exporting logs.