Audit Log displays a read-only table of records of actions performed by users. These log records are searchable and exportable. Audit logs include both Successful and Unsuccessful actions attempted.

Actions

The following Audit log actions are enabled:

Note: Use your cursor to roll over the action button icons to identify specific functions.

Time filter: Users select from preset time filters or configure a custom time filter for log entries to view. The default time filter setting is Last 24 hours.
Search: Search the records. Select additional search filter criteria from the drop-down menu.
Tip: To search the exact phrase, enclose the search phrase within double quotes (for example, "Taylor-Finance-564").
Export checked items to CSV: Export the data to a CSV file based on filters and or selections.
Refresh: Refresh and view the updated status.
Customize columns: Show or hide specific columns.
View: To view details of a table entry, mouse over the entry to expand and click Audit details.

Audit log table

View the following audit details in the table.


Table item	Description
Status	Shows action status.
Time	Shows the date and time of the action performed.
Event Type	Shows the type of action performed.
Item Name	Shows the entity on which action was performed.
Event Started By	Shows the user that performed the action.
Source Device	Shows the device or machine name or IP address that was used to perform the action.
Source	Shows the component: Control Room, Enterprise Client or API, from where the action originated or was performed.
Request ID	Shows the unique identity number assigned to a specific set of user actions.

Bot life cycle audit logs

The entry shows the status of each stage of the bot life cycle.


Audit log entry	Success	Failure
Create automation	Bot was sent to the control room and was successfully compiled.	Check if the Control Room is up and running.
Bot Sent To Device	Control Room deployed the bot successfully on the specified device.	Possible reasons for failure entry include: Check if you have configured the Node manager on the corresponding device correctly. Check for the app Automation Anywhere Bot Manager in Add Remove Programs or in Control Panel > Uninstall a program. Try to reinstall by uninstalling and downloading the app again. Try to reinstall by uninstalling and downloading the app again from Device Manager. Ensure the device auto log in details are set correctly.
Run bot Deployed	The bot has started on the specified device.	Possible reasons for failure entry include: Check if you have configured the Node manager on the corresponding device correctly. Check for app Automation Anywhere Bot Manager in Add Remove Programs or in Control Panel > Uninstall a program. Try to reinstall by uninstalling and downloading the app again from Device Manager. Ensure device auto log in details are set correctly.
Run bot finished	Bot execution completed successfully.	Possible reasons for failure entry include: Check for the bot execution progression in Activity In progress. Check the code at the line where activity log has been paused for errors. If it has paused at a message box, minimize all windows and check if the message box is in the background.
Bot Runner Session Continued	Control Room deploys the TaskBots in a sequence for the same RDP session.
Bot Runner Session Released	When a task successfully completes the execution.
Download file	Downloading to the Control Room.
Upload file	Uploading a file to the Control Room.
Bot Runner Session	Control Room gets the RDP session of Bot Runner machine.

Syslog audit log

For on-premises deployments, the SysLog Configuration audit entry shows the Control Room server status when adding, editing, or deleting the system configuration. The Syslog details shows these attributes and their values:

Syslog Server Hostname: Full qualified domain name (FQDN) or the IP address of the Syslog server used to deliver the log reports
Port: Port used by the remote Syslog server to receive incoming Syslog records
Protocol: TCP or UDP
Use Secure Connection: TLS encrypted channel used to send Syslog records to the remote Syslog server


Audit log entry	Status	User action	SysLog details shows these attributes and their values
SysLog Configuration	Successful	Adds new values to an existing server	Syslog Server Hostname Port Protocol Use Secure Connection For example: MyServer1.aa.com, 468, TCP, Enabled
	Successful	Adds new values to multiple servers	Syslog Server Hostname Port Protocol Use Secure Connection For example: MyServer1.aa.com, 468, TCP, Enabled MyServer2.aa.com, 333, TCP, Disabled
	Successful	Edits existing server	Syslog Server Hostname Port Protocol Use Secure Connection For example: Old ValueMyServer1.aa.com, 468, TCP, Enabled New Value MyServer123.aa.com, 514, UDP, Disabled
	Successful	Deletes existing server	Syslog Server Hostname Port Protocol Use Secure Connection For example: MyServer1.aa.com, 468, TCP, Enabled
SysLog Configuration	Unsuccessful	User attempted to save the system configuration; however, the Control Room was not able to save the configuration.	For an unsuccessful status, you can use the results to troubleshoot the issue. Examples: Invalid Protocol, or Could not save SysLog settings. Invalid Host.

External key vault audit log

For cloud deployments, the External key vault configuration audit entry shows the type of external key vault configured (if any). Automation Anywhere supports these external key vaults:

AWS Secrets Manager
Azure Key Vault
CyberArk Password Vault

Based on the type of external key vault configured, the external key vault configuration details shows different attributes and their values.


Audit log entry	External key vault	User action	Configuration details shows these attributes and their values
External key vault configuration	AWS Secrets Manager	Adds a new AWS Secrets Manager when there was previously no external key vault.	External key vault value: Changes from no external key vault to AWS Secrets Manager. AWS Secrets Manager value is Enabled Region value is set to (for example) us-east-1
	CyberArk	Adds a new CyberArk Password Vault when there was previously no external key vault.	External key vault value: Changes from no external key vault to CyberArk. CyberArk value is Enabled Vault URL is the CyberArk AIM server CCP API URL and is set to (for example) https://<hostname:port_num>/ Application ID is the CCP API AppID and is set to (for example) AAEControlRoom
	Azure Key vault	Adds a new Azure Key vault when there was previously no external key vault.	External key vault value: Changes from no external key vault to Azure Key vault. Azure Key vault value is Enabled Vault URL is the Azure Key Vault URL and is set to (for example) https://user-db-vault.vault.azure.net/ Client ID is the (application) ID of an App Registration in the tenant and is set to (for example)536145 Tenant ID is the Azure Active Directory tenant (directory) ID and is set to (for example)89D12L
External key vault configuration	Change from AWS Secrets Manager to CyberArk	User changes from one external key vault to another type.	External key vault value changes from AWS Secrets Manger to CyberArk

Automation Anywhere Robotic Interface (AARI) Audit logs

The entry shows the status of events relating to requests, teams, scheduler, process setups, bot setups, human tasks, and bot tasks that you have created, deleted, updated, submitted, or recovered.


Audit log entry	Success
AARI Team	When a team is created by a user When a team is edited by a user When a team is deleted by a user
AARI Request	When a request is deleted by a user When a request is recycled by a user When a request is recovered by a user
AARI Human Task	When a task is edited by a user When a task is submitted by a user When a task is canceled by a user When a task is assigned by a user to another user When a task is canceled (using a cancel type of action by a user or by a bot (AARI Web package))
AARI Bot Task	When the process launched a bot task
AARI Process	When a process is created When a process is edited by a user
AARI Bot Setup	When a new bot is added to the bot setup management When the bot setup management is modified When a bot is deleted by a user
Process Scheduler	When the scheduler configuration is modified

Automation 360