Logged activities

Sitecore Common Audit Log records user activities as they occur in supported Sitecore digital experience platform (DXP) applications. Every audit log includes:

  • What activity occurred.

  • When the activity occurred and in which Sitecore DXP app.

  • Which user performed the activity.

  • Which entity was affected by the activity.

Entities

Depending on what was affected by the activity, the entity can be a user (any team member of your Sitecore Cloud Portal organization), or some feature or data in a Sitecore DXP app.

For example, when a Sitecore Cloud Portal administrator deactivates a user's account, the entity is the deactivated user. In contrast, when a user creates an experience in Sitecore Personalize, the entity is the experience.

Here's a list of all logged activities for the user entity, recorded across all supported Sitecore DXP apps:

Entity

Activity

Description

User

anomaly 

Anomalous user behavior was detected, such as too many failed login attempts.

permissions_assigned 

A permission was assigned to the user.

permissions_removed 

A user permission was removed.

role_assigned 

A role was assigned to the user.

role_removed 

A user role was removed.

user_created 

A user was created.

user_deactivated 

A user was deactivated.

user_deleted 

A user was deleted.

user_email_updated 

A user's email address was updated.

user_login 

A user logged in.

user_login_failed 

A user failed to log in.

user_logout 

A user logged out.

user_password_reset_requested 

A user requested a password reset.

user_reactivated 

After being deactivated, a user was reactivated.

user_viewed 

A user profile was viewed.

For entities specific to Sitecore DXP apps, see:

Example audit log

Here's an example audit log. In the log object:

  • The system key contains the name of the Sitecore DXP app where the activity occurred.

  • The action key contains the activity that occurred.

  • The sourceSystemUserContext object contains which user performed the activity.

  • The entity object contains the entity affected by the activity.

RequestResponse
{
  "system": "Personalize",
  "time": "2024-01-08 08:17:32",
  "action": "experience_deleted",
  "entity": {
    "id": "574eedc0-79d9-4375-93ad-873737d4c8e1",
    "type": "EXPERIENCE",
    "extensions": {
      "entityLevelExtension": "AnyCustomValues"
    }
  },
  "sourceSystemUserContext": {
    "id": "[email protected]",
    "anonymousId": "dxGef14c",
    "IPAddress": "198.10.12.01",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
  },
  "extensions": {
    "eventLevelExtension": "AnyCustomValues"
  }
}

In this example, user [email protected] deleted an experience in Sitecore Personalize on January 8, 2024.

Do you have some feedback for us?

If you have suggestions for improving this article,