Activity logs

View and download event logs.

The Monitor Activity logs page displays logged events. Each event has a type, description, and timestamp. The description includes the name of the user associated with the event and other related information:

The system retains activity logs for 90 days. If you need to keep events for audit purposes, you can download them in a .csv file.

By default the Activity logs table lists all events for the current day. You can:

Change the date range.
Search for a string, such as a user name.
Filter by activity type.

Event categories

Select a category from the dropdown list to view events of that type. The following table describes events for each category:

Category	Description
All activities	Events in chronological order with no filter applied.
ACL	Events related to user accounts and groups, including permission changes for assets.
APIM	APIM user activities and subscription user notifications: API published, unpublished, deprecated, or retired Developer portal user membership pending, approved, or removed User subscription approved
Asset	Events related to assets such as projects, pipelines, accounts, and files (viewed, downloaded, or accessed): Asset created, created by import, moved, deleted, updated, or renamed Asset ownership changes Asset ACL added or removed
User	Events related to user accounts: User created, deleted, added to a group, removed from a group, logs in (session created), logs out (session deleted), changes password, User password changed or reset
Policy	Policy created, removed, or updated at any level in the environment, including projects and shared folders in Classic Manager and the API and version level in APIM.
Distribution (Dist)	For Snap Pack distributions: Change in the Snap Pack asset label (Dist override) Change in the Snap Pack asset FQID (Dist change)
Environment (Org)	Changes to environment settings: Single Sign-On via SAML v2.0 requests signed update, context added, updated or removed Auto upgrade Snaplex enabled or disabled Snaplex version updated Account data encryption settings, sensitivity levels Trusted Orgs added or removed Configure session or idle timeout User password expiration notice or period change or all passwords expired Alerts/Activity log notification changes User notifications add or remove slack change workspace name Snaplex Notification: email or Slack added or removed Email Encryption enabled or disabled Pipeline Validation enabled or disabled Cloud-triggered, CORS, and Groundplex allowlists added, updated, or removed Cloud Pattern Catalog enabled or disabled SnapGPT enabled or disabled Regression Test Settings enabled, disabled, Snaplex or result directory changed
Project	Project-level change to the pipeline validation setting.
Snaplex	Changes to Snaplex version, state changes, and events: Node added, restarted, put into or leaves maintenance mode, or crashes Snaplex congested Pipeline terminated
Session	User session start and end.
Group	Group created updated or deleted.
SnapLogic admin update	Changes to SnapLogic admin access.

The following sections describe some specific activities of interest.

File access events

The Asset category tracks file views, downloads, and access in the following format: <user id> accessed the file <FileName> under Project <path> in environment <env name>.

Attention: File uploads and execution of the File Reader Snap aren't captured in the activity log.

Snaplex events

The Snaplex category tracks node state changes, including node additions, removals, and crashes. The following screenshot shows a node entering and leaving maintenance mode:

Snaplex nodes in maintenance mode could signal issues with pipeline executions and help you investigate node crashes. A pattern of nodes entering maintenance mode with crash events might suggest a configuration problem.

Additional environment settings update events

IP, CORS, and Groundplex Allowlists for Org Events

The events are visible in the Activity log when you add or remove the IP address, CORS and Groundplex allowlists from the Admin Manager settings. Admin Manager setting changes such as to allowlists are logged as events for monitoring and auditing purposes.

API Daily Limit and Concurrent API Limit events

Changes to the API Daily Limit and Concurrent API Limit show in the Activity log along with details of the old and new API Daily and Concurrent Limit.

Email domain event

When the Org admin adds an email domain, a new audit entry is logged. If the email domain name is valid, the details of the event logged are displayed.

Snaplex pipeline interrupter event

When a pipeline is terminated due to excessive memory usage on the Snaplex node, an alert is listed under both the alert categories Snaplex and All. This alert displays the pipeline name, path, and an error message. The Environment admin can also create Alerts/Activity log notifications. For more information refer to create a notification rule.

Activity log for terminated pipeline in Snaplex tab

OAuth2 token refresh failures

The SnapLogic Platform refreshes the OAuth2 tokens automatically every 20 minutes for accounts that are set to auto-refresh. Failures can occur for several reasons:

Incorrect OAuth configuration settings
Expired credentials (outdated API keys or access tokens)

Stale account status

The SnapLogic Platform detects failures in the OAuth token refresh process and marks accounts that fail 18 times as stale. This mechanism prevents the refresh of the auto-refresh for the accounts marked as stale. This applies only to accounts that have the auto-refresh functionality enabled. You can view the stale accounts in the Activity log as displayed in the image below:

You can create a notification rule to receive alerts (via email and Slack) for stale accounts. After you set up a notification rule, you will receive an email or Slack notification similar to the example below:
Stale account notifcation

Reference for logged events

The following table lists the events tracked in the Activity log.


Field	Events logged
ACL	For changes to the ACL, the event tracked is: A permission is added or removed from an asset.
APIM	For changes to APIs published to the Environment Developer Portal and subscription status, the events tracked are: API is published API is unpublished API is deprecated API is retired. Developer portal user membership is approved Developer portal membership is removed Developer portal membership is in pending status User subscription is approved
Asset	Events track activities for the following assets: Asset is created Asset is created by import operation (applicable to projects and pipelines) Asset is deleted Asset is updated Asset is renamed Asset ownership changes Asset moves Asset acl added Asset acl removed
User	The events tracked are: User logs in (session created) User logs out (session deleted) User password changed User password reset User added to a phase User removed from a phase User created User deleted
Policy	For policies applied at any level in the environment, including projects and shared folders in Admin Manager, and at the API and version level in APIM, the events tracked are: Policy is created Policy is removed Policy is updated
Distribution (Dist)	For Snap Pack distributions, the events tracked are: Change in the Snap Pack asset label (Dist override) Change in the Snap Pack asset FQID (Dist change)
Environment (Org)	For Environment (Org), the events tracked are: User was added to the environment User was removed from the environment
Environment settings update	For changes Environment admins make in the Admin Manager Environment settings page the following events are tracked: Single Sign-On via SAML v2.0 Requests signed is updated Comparison context is updated Context is added Context is removed Auto upgrade Snaplex (Enabled or disabled) Snaplex versions (Detailed update) Snaplex name Version Note: Only one event record exists per Snaplex. Account data encryption (Detailed update) Configure Encryption Encryption setting: Standard, Enhanced Sensitivity level: High, Medium, Low, Medium, and High Manage Trusted Orgs (Detailed update) Org Name: Added, Removed Configure Timeout (Detailed update) Session Timeout Idle Timeout User password expiration Policy (Detailed update) Enforce Password Expiration Expiration period Expiration notice period Expire All passwords Alerts/Activity log notifications Event Type Additional details (except email) User notifications Add/Remove Slack Slack Setting Slack workspace name Manage Snaplex Notification Email Address: Added, Removed Slack Channel: Added, Removed Slack Direct message Added Removed Email Encryption Pipeline Validation (Enabled or disabled) Manage IP Allowlist Any IP IP Range: Added, Removed, Updated Manage CORS Allowlist IP Range: Added, Updated, Removed Manage Groundplex Allowlist IP Range: Added, Updated, Removed Cloud Pattern Catalog (Enabled/Disabled) SnapGPT (Enabled/Disabled) Regression Test Settings Status (Enabled/Disabled) Snaplex Test Result Directory Set Default Application
Snaplex	For Snaplexes, the following events are tracked: Snaplex node leaves maintenance mode Snaplex node is put into maintenance mode Snaplex node is restarted Snaplex is congested. New node is added to a Snaplex Node crash event is reported
Sessions	For sessions, the following events are tracked: When a user session ends When a user session is created
Group	For groups, the following events are tracked: Group is deleted Group is updated Group is created