The Audit trail log records all operations related to users, groups and permissions.
Below is a sample log entry from the Audit trail log.
2023-10-20T12:53:37.758Z|269cdf00fb8d37bc|UNKNOWN|UNKNOWN|jfob@01ghgxbgvwj0tf0b24bs971stn|jfob@01ghgxbgvwj0tf0b24bs971stn|C|TKN|{"added":{"owner":"jfob@01ghgxbgvwj0tf0b24bs971stn","created":"1697806417757","expirationTime":"1697806537757","subject":"jfob@01ghgxbgvwj0tf0b24bs971stn","scope":"api:* applied-permissions/admin","id":"0f787168-5851-4cf5-9e22-800ada152ba5","type":"generic"}}
The User IP and Username in the above log entry are marked as UNKNOWN. This means the operation was performed by the microservices of Artifactory using an internal service token, which is used only for internal communication.
If the operation was performed by a user through any client, the log entry will look as follows:
2023-11-23T12:08:52.972Z|7b8029fec93e9189|10.20.30.40|admin|jfrt@01h1h4qav5zhce1w9en5hf05h4|sample|D|USR|{"removed":{"customData.updatable_profile":"true","customData.policy_viewer":"false","customData.disabled_password":"false","groups.readers":"UserGroupImpl(name=readers, realm=internal)","customData.policy_manager":"false","password":"*","realm":"internal","customData.watch_manager":"false","customData.blockUiView":"false","email":"test@gmail.com","customData.reports_manager":"false","status":"enabled","username":"sample"}}
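To review only the operations a user performed through a client, the entries can be split on the pipe delimiter and the UNKNOWN ones set aside. The following is an added example, not JFrog code: apart from User IP and Username, the field names are labels assumed here, and the sample lines are constructed by abbreviating the two entries above.

```python
import json

# Positions 3 and 4 are the User IP and Username named on this page.
# The remaining field names are assumed labels for this example only.
FIELDS = ("timestamp", "trace_id", "user_ip", "username",
          "principal", "entity_name", "event", "entity_type", "data")

def parse_entry(line):
    """Split one audit trail line into named fields and decode its JSON payload."""
    # Limit the split so a '|' inside the JSON payload stays in the last field.
    parts = line.rstrip("\n").split("|", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    entry["data"] = json.loads(entry["data"])
    return entry

def is_internal(entry):
    """True when User IP and Username are both UNKNOWN (internal service token)."""
    return entry["user_ip"] == "UNKNOWN" and entry["username"] == "UNKNOWN"

def user_operations(lines):
    """Return (entries performed by a user via a client, lines that failed to parse)."""
    kept, rejected = [], []
    for line in lines:
        try:
            entry = parse_entry(line)
        except ValueError:  # json.JSONDecodeError is a ValueError subclass
            rejected.append(line)
            continue
        if not is_internal(entry):
            kept.append(entry)
    return kept, rejected

# Constructed sample input: the page's two entries with shortened payloads,
# plus one truncated line to exercise the error path.
SAMPLE = [
    '2023-10-20T12:53:37.758Z|269cdf00fb8d37bc|UNKNOWN|UNKNOWN|jfob@01ghgxbgvwj0tf0b24bs971stn|jfob@01ghgxbgvwj0tf0b24bs971stn|C|TKN|{"added":{"scope":"api:* applied-permissions/admin","type":"generic"}}',
    '2023-11-23T12:08:52.972Z|7b8029fec93e9189|10.20.30.40|admin|jfrt@01h1h4qav5zhce1w9en5hf05h4|sample|D|USR|{"removed":{"realm":"internal","username":"sample"}}',
    '2023-11-23T12:09:00.000Z|truncated-line',
]

if __name__ == "__main__":
    kept, rejected = user_operations(SAMPLE)
    for e in kept:
        print(e["timestamp"], e["user_ip"], e["username"],
              e["event"], e["entity_type"], e["entity_name"])
    print(f"{len(rejected)} line(s) could not be parsed")
```

Lines that fail to parse are returned rather than dropped, so a truncated or tampered entry shows up during review.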