Audit Logging Events Reference

      +
      Audit Logging provides tools for administrators to track operational irregularities and to support regulatory and security compliance standards, such as HIPAA and SOC-2. Below is a list of possible Audit Events.

      About Audit Events

      You can use audit events to track and provide context on user activity within your application.

      Table 1. Events table field description

      Field Name

      Description

      ID

      A unique number used to distinguish between Audit Events. You can use the value to specify which events will be present or written to your audit logs, either globally or on a database level.

      Name

      A short descriptive name, this will be outputted as a field in the audit log.

      Description

      A longer name, this is will be outputted as a field in the audit log.

      DefaultEnabled

      If true, the given Audit Event is enabled by default.

      Filterable

      If true, the given audit event can be disabled.

      EventScope

      The scope of the event. This can be Global or Database. You can configure global scope events via the bootstrap config, and database events via the Admin REST API.

      EventType

      The type of action performed by the event. This can be user, admin, or data.

      MandatoryFields

      Fields that are always present in a given Audit Event.

      OptionalFields

      May or may not be present in a given Audit Event.

      Audit Event Types

      Audit Events can be one of the following types:

      • Admin - Events that track administrative and configuration changes.

      • Data - Events that track attempts to access and change data.

      • User - Events that track end-user operations.

      Audit Event Scopes

      Audit events have scope, this affects how they can be configured. The audit events scopes are:

      • Database - These events are specific to a database such as AuditIDDocumentUpdate 55002, and can only be enabled/disabled at the database configuration level. Database level audit events are segregated into per Sync Gateway database specific audit logs.

      • Global - These events are considered global such as AuditIDSyncGatewayStartup 53260, and have to be enabled/disabled in the bootstrap config.

      Auditing Events

      ID Name Description DefaultEnabled Filterable EventScope EventType Fields

      53248

      Auditing enabled

      Audit logging was enabled

      TRUE

      FALSE

      Global

      admin

      audit_scope, description, id, name, timestamp, db

      53249

      Auditing disabled

      Audit logging was disabled

      TRUE

      FALSE

      Global

      admin

      audit_scope, description, id, name, timestamp

      53250

      Auditing configuration changed

      Audit logging configuration was changed

      TRUE

      FALSE

      Global

      admin

      audit_scope, cid, db, description, id, local, name, payload, real_userid, remote, timestamp

      Sync Gateway Events

      ID Name Description DefaultEnabled Filterable EventScope EventType Fields

      53260

      Sync Gateway startup

      Sync Gateway started

      TRUE

      FALSE

      Global

      admin

      admin_interface_authentication, bcrypt_cost, description, disable_persistent_config, id, log_file_path, metrics_interface_authentication, name, server_tls_skip_verify, sg_version, timestamp, use_tls_server

      53270

      Public HTTP API request

      Public HTTP API request was made

      FALSE

      TRUE

      Global

      user

      cid, description, http_method, http_path, http_status, id, local, name, remote, timestamp, real_userid, request_body

      53271

      Admin HTTP API request

      Admin HTTP API request was made

      FALSE

      TRUE

      Global

      admin

      cid, description, http_method, http_path, http_status, id, local, name, remote, timestamp, real_userid, request_body

      53272

      Metrics HTTP API request

      Metrics HTTP API request was made

      FALSE

      TRUE

      Global

      admin

      cid, description, http_method, http_path, http_status, id, local, name, remote, timestamp, real_userid, request_body

      53280

      Public API user authenticated

      Public API user successfully authenticated

      TRUE

      TRUE

      Database

      user

      auth_method, description, id, name, timestamp, oidc_issuer

      53281

      Public API user authentication failed

      Public API user failed to authenticate

      TRUE

      TRUE

      Database

      user

      auth_method, description, id, name, timestamp, username

      53282

      Public API user session created

      Public API user session was created

      TRUE

      TRUE

      Database

      user

      description, id, name, session_id, timestamp, username

      53283

      Public API user session deleted

      Public API user session was deleted

      TRUE

      TRUE

      Database

      user

      description, id, name, session_id, timestamp, username

      53284

      Public API user all sessions deleted

      All sessions were deleted for a Public API user

      TRUE

      TRUE

      Database

      user

      description, id, name, timestamp, username

      53290

      Admin API user authenticated

      Admin API user successfully authenticated

      TRUE

      TRUE

      Database

      admin

      description, id, name, timestamp

      53291

      Admin API user authentication failed

      Admin API user failed to authenticate

      TRUE

      TRUE

      Database

      admin

      description, id, name, timestamp, username

      53292

      Admin API user authorization failed

      Admin API user failed to authorize

      TRUE

      TRUE

      Database

      admin

      description, id, name, timestamp, username

      53300

      sgcollect_info status

      sgcollect_info status was viewed

      TRUE

      TRUE

      Global

      admin

      cid, description, id, local, name, real_userid, remote, timestamp

      53301

      sgcollect_info start

      sgcollect_info was started

      TRUE

      TRUE

      Global

      admin

      cid, customer, description, id, keep_zip, local, name, output_dir, real_userid, remote, ticket, timestamp, upload_host, zip_filename

      53302

      sgcollect_info stop

      sgcollect_info was stopped

      TRUE

      TRUE

      Global

      admin

      cid, description, id, local, name, real_userid, remote, timestamp

      53303

      stats requested

      stats were requested

      FALSE

      TRUE

      Global

      admin

      cid, description, id, local, name, real_userid, remote, stats_format, timestamp

      53304

      profiling requested

      profiling was requested

      TRUE

      TRUE

      Global

      admin

      description, id, name, profile_type, timestamp, filename

      53350

      Sync Gateway cluster info read

      Sync Gateway cluster info was viewed

      TRUE

      TRUE

      Global

      admin

      description, id, name, timestamp

      Database Events

      ID Name Description DefaultEnabled Filterable EventScope EventType Fields

      54000

      Create database

      A new database was created

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, payload, real_userid, remote, timestamp

      54001

      Read database

      Information about this database was viewed

      FALSE

      TRUE

      Database

      user

      cid, db, description, id, local, name, real_userid, remote, timestamp

      54002

      Delete database

      A database was deleted

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, timestamp

      54003

      Read all databases

      All databases were viewed

      FALSE

      TRUE

      Global

      admin

      cid, db_names, description, id, local, name, real_userid, remote, timestamp

      54010

      Read database config

      Database configuration was viewed

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, timestamp

      54011

      Update database config

      Database configuration was updated

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, payload, real_userid, remote, timestamp

      54020

      Database offline

      Database was taken offline

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, timestamp

      54021

      Database online

      Database was brought online

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, timestamp

      54030

      Database compaction status

      Database compaction status was viewed

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, timestamp, type

      54031

      Database attachment compaction start

      Database attachment compaction was started

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, timestamp, type, dry_run, reset

      54032

      Database compaction stop

      Database compaction was stopped

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, timestamp, type

      54040

      Database resync status

      Database resync status was viewed

      FALSE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, timestamp

      54041

      Database resync start

      Database resync was started

      TRUE

      TRUE

      Database

      admin

      cid, collections, db, description, id, local, name, real_userid, regenerate_sequences, remote, reset, timestamp

      54042

      Database resync stop

      Database resync was stopped

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, timestamp

      54043

      Post-upgrade

      Post-upgrade was run for Sync Gateway databases

      TRUE

      TRUE

      Global

      admin

      cid, description, id, local, name, preview, real_userid, remote, timestamp

      54044

      Database repair

      Database repair was run

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, timestamp

      54045

      Database flush

      Database flush was run

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, timestamp

      User and Role Administration Events

      ID Name Description DefaultEnabled Filterable EventScope EventType Fields

      54100

      Create user

      A new user was created

      TRUE

      TRUE

      Database

      admin

      channels, db, description, id, name, roles, timestamp, username

      54101

      Read user

      Information about this user was viewed

      TRUE

      TRUE

      Database

      admin

      db, description, id, name, timestamp, username

      54102

      Update user

      User was updated

      TRUE

      TRUE

      Database

      admin

      channels, db, description, id, name, roles, timestamp, username

      54103

      Delete user

      User was deleted

      TRUE

      TRUE

      Database

      admin

      db, description, id, name, timestamp, username

      54104

      Read all users

      List of all users was viewed

      TRUE

      TRUE

      Database

      admin

      db, description, id, name, name_only, timestamp, limit

      54110

      Create role

      A new role was created

      TRUE

      TRUE

      Database

      admin

      admin_channels, db, description, id, name, role, timestamp

      54111

      Read role

      Information about this role was viewed

      TRUE

      TRUE

      Database

      admin

      db, description, id, name, role, timestamp

      54112

      Update role

      Role was updated

      TRUE

      TRUE

      Database

      admin

      admin_channels, db, description, id, name, role, timestamp

      54113

      Delete role

      Role was deleted

      TRUE

      TRUE

      Database

      admin

      db, description, id, name, role, timestamp

      54114

      Read all roles

      List of all roles was viewed

      TRUE

      TRUE

      Database

      admin

      db, description, id, include_deleted, name, timestamp, limit

      Replication Events

      ID Name Description DefaultEnabled Filterable EventScope EventType Fields

      54200

      Changes feed started

      Changes feed was started

      TRUE

      TRUE

      Database

      data

      cid, db, description, id, ks, local, name, real_userid, remote, since, timestamp, channels, doc_ids, feed_type, filter, include_docs

      54300

      Replication connect

      A replication client connected

      TRUE

      TRUE

      Database

      user

      cid, client_type, db, description, id, local, name, real_userid, remote, timestamp, client_version

      54301

      Replication disconnect

      A replication client disconnected

      TRUE

      TRUE

      Database

      user

      cid, client_type, db, description, id, local, name, real_userid, remote, timestamp

      54400

      Create Inter-Sync Gateway Replication

      A new Inter-Sync Gateway Replication was created

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, payload, real_userid, remote, replication_id, timestamp

      54401

      Read Inter-Sync Gateway Replication

      Information about this Inter-Sync Gateway Replication was viewed

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, replication_id, timestamp

      54402

      Update Inter-Sync Gateway Replication

      Inter-Sync Gateway Replication was updated

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, payload, real_userid, remote, replication_id, timestamp

      54403

      Delete Inter-Sync Gateway Replication

      Inter-Sync Gateway Replication was deleted

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, replication_id, timestamp

      54410

      Inter-Sync Gateway Replication status

      Inter-Sync Gateway Replication status was document viewed

      FALSE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, replication_id, timestamp

      54411

      Inter-Sync Gateway Replication start

      Inter-Sync Gateway Replication was started

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, replication_id, timestamp

      54412

      Inter-Sync Gateway Replication stop

      Inter-Sync Gateway Replication was stopped

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, replication_id, timestamp

      54413

      Inter-Sync Gateway Replication reset

      Inter-Sync Gateway Replication was reset

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, replication_id, timestamp

      54420

      All Inter-Sync Gateway Replication status

      All Inter-Sync Gateway Replication statuses were viewed

      FALSE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, timestamp

      54421

      Read all Inter-Sync Gateway Replications

      All Inter-Sync Gateway Replications were viewed

      TRUE

      TRUE

      Database

      admin

      cid, db, description, id, local, name, real_userid, remote, timestamp

      ID Name Description DefaultEnabled Filterable EventScope EventType Fields

      55000

      Create document

      A new document was created

      FALSE

      TRUE

      Database

      data

      db, description, doc_id, doc_version, id, ks, name, real_userid, timestamp, cid, local, remote

      55001

      Read document

      A document was viewed

      FALSE

      TRUE

      Database

      data

      db, description, doc_id, doc_version, id, ks, name, real_userid, timestamp, cid, local, remote

      55002

      Update document

      A document was updated

      FALSE

      TRUE

      Database

      data

      db, description, doc_id, doc_version, id, ks, name, real_userid, timestamp, cid, local, remote

      55003

      Delete document

      A document was deleted

      FALSE

      TRUE

      Database

      data

      db, description, doc_id, id, ks, name, real_userid, timestamp, cid, doc_version, local, purged, remote

      55004

      Read document metadata

      Document metadata was viewed

      FALSE

      TRUE

      Database

      data

      cid, db, description, doc_id, id, ks, local, name, real_userid, remote, timestamp

      55005

      Import document

      A document was imported

      FALSE

      TRUE

      Database

      data

      db, description, doc_id, doc_version, id, ks, name, timestamp

      55006

      Resync document

      A document was resynced

      FALSE

      TRUE

      Database

      data

      db, description, doc_id, doc_version, id, ks, name, timestamp

      55007

      Revoke document

      A document revocation request was sent to a client

      FALSE

      TRUE

      Database

      data

      db, description, doc_id, doc_version, id, ks, name, timestamp

      55010

      Create attachment

      A new attachment was created

      FALSE

      TRUE

      Database

      data

      attachment_id, db, description, doc_id, doc_version, id, ks, name, real_userid, timestamp, cid, local, remote

      55011

      Read attachment

      An attachment was viewed

      FALSE

      TRUE

      Database

      data

      attachment_id, db, description, doc_id, doc_version, id, ks, name, real_userid, timestamp, cid, local, remote

      55012

      Update attachment

      An attachment was updated

      FALSE

      TRUE

      Database

      data

      attachment_id, db, description, doc_id, doc_version, id, ks, name, real_userid, timestamp, cid, local, remote

      55013

      Delete attachment

      An attachment was deleted

      FALSE

      TRUE

      Database

      data

      attachment_id, db, description, doc_id, id, ks, name, real_userid, timestamp, cid, doc_version, local, remote