How to Use BETA Audit Logs?

How to Use BETA Audit Logs?

Introduction

The BETA version of functional audit logs in the Proget system provides a detailed and accessible overview of administrative actions performed on the server. It allows for reviewing changes made and analyzing completed operations, supporting precise monitoring of event history. With extensive search options, administrators can filter logs according to specific criteria, enabling quick identification of events of interest.
The intuitive interface allows access to detailed information on individual modifications. Simply select an event and click on the "Changes" option to view details about what was changed, by whom, and when. This solution provides Proget system administrators with exceptional support, helping them maintain full control over server processes and enabling rapid response to potential irregularities.

Procedure

  1. Log in to the Proget console.
  2. Go to the "Audit Logs" tab.

Filters

Audit log filters are used for precise searching and filtering of events within the logs, enabling quick access to relevant information about system activity. Each filter allows narrowing down the results based on specific criteria:

      
  1.  Action: Allows the selection of a specific type of event to search for. For example, actions such as logging in - user.authenticate, or updating a kiosk profile - profile.kiosk.update can be chosen, limiting the results to events of the selected type only.
    More information about Actions can be found in the final section titled Actions and Their Meaning.
  2. Status: This filter allows you to narrow down results by the execution status of an event. Three options are available: 
    1. Success – searches for events that completed successfully
    2. Failed - displays events that ended in failure
    3. Initiated - shows events that were initiated
  3. Date of occurrence: This filter allows you to specify a date range in which a given event took place. It's useful if you’re looking for events from a specific period, such as the last week or month.
  4. By clicking the '+' icon, you gain access to additional filters that allow for even more precise analysis of the logs:
  5. Correlation ID: Allows you to search for related events, which is particularly useful for tracking a sequence of actions or processes with a common identifier. This makes it easier to follow the flow of information or dependent events.
  6. Details: This filter allows you to enter specific content to filter certain events. For example, entering phrases like "Install application" or "Profile Business" will quickly locate events related to application installation or actions on a business profile.
  7. Performed On: This allows you to specify the object on which the event took place. This way, you can find events related to specific resources, such as devices, profiles, groups, applications...
  8. Performed By: This allows you to specify which object (e.g., user, device, system) performed the given task, enabling the identification of the person or device responsible for a specific action.
Each of these filters enables result narrowing and effective management of large amounts of information, significantly facilitating audit and event monitoring within the system.


Event Information Overview

Basic information about events is available directly in the audit logs tab (1). The administrator can manage the displayed information by clicking on the icon (2).

Changes

To view modifications made, simply hover over the selected event and click on the three-dot symbol (1). Then, if changes were made for that event, the "Changes" option (2) will appear. Selecting it allows you to review the details of the modifications carried out.


The table (3) displays the full profile settings, and by switching the tab, a JSON format is also available, providing a more detailed view. All edited data is automatically highlighted in blue, making modifications easier to spot, such as a PIN change (4) or application update (5) in the kiosk profile. To view only the changed parts, you can select the "Show only changes" option (6), allowing quick identification of modifications and easier tracking of updates made.



Raw Data

This functionality enables an in-depth analysis of each event, presenting a complete set of information. In this view, details such as the author of changes, the configuration state before and after modification, and many other data points are available, providing comprehensive insight into the event history. To display this information, click the three-dot symbol (1) next to the selected event, then choose the Raw Data option (2).




Actions and Their Meaning

Profiles

Profile Name Action Description
ActiveSync profile.activeSync.add Added ActiveSync profile
ActiveSync profile.activeSync.remove Removed ActiveSync profile
ActiveSync profile.activeSync.update Updated ActiveSync profile
APN profile.apn.add Added APN profile
APN profile.apn.remove Removed APN profile
APN profile.apn.update Updated APN profile
Apple Business Manager profile.appleBusinessManager.add Added Apple Business Manager profile
Apple Business Manager profile.appleBusinessManager.remove Removed Apple Business Manager profile
Apple Business Manager profile.appleBusinessManager.update Updated Apple Business Manager profile
Application rules profile.applicationRules.add Added Application Rules profile
Application rules profile.applicationRules.remove Removed Application Rules profile
Application rules profile.applicationRules.update Updated Application Rules profile
Backup profile.backup.add Added Backup profile
Backup profile.backup.remove Removed Backup profile
Backup profile.backup.update Updated Backup profile
Certificate profile.certificate.add Added Certificate profile
Certificate profile.certificate.remove Removed Certificate profile
Certificate profile.certificate.update Updated Certificate profile
Certificate mapping profile.certificateMapping.add Added Certificate Mapping profile
Certificate mapping profile.certificateMapping.remove Removed Certificate Mapping profile
Certificate mapping profile.certificateMapping.update Updated Certificate Mapping profile
Connectivity profile.connectivity.add Added Connectivity profile
Connectivity profile.connectivity.remove Removed Connectivity profile
Connectivity profile.connectivity.update Updated Connectivity profile
Business contacts profile.contacts.add Added Business Contacts profile
Business contacts profile.contacts.remove Removed Business Contacts profile
Business contacts profile.contacts.update Updated Business Contacts profile
Custom Apple Configuration profile.customAppleConfiguration.add Added Custom Apple Configuration profile
Custom Apple Configuration profile.customAppleConfiguration.remove Removed Custom Apple Configuration profile
Custom Apple Configuration profile.customAppleConfiguration.update Updated Custom Apple Configuration profile
Business documents profile.documents.add Added Business documents profile
Business documents profile.documents.remove Removed Business documents profile
Business documents profile.documents.update Updated Business documents profile
Geofencing profile.geofencing.add Added Geofencing profile
Geofencing profile.geofencing.remove Removed Geofencing profile
Geofencing profile.geofencing.update Updated Geofencing profile
Kiosk profile.kiosk.add Added Kiosk profile
Kiosk profile.kiosk.remove Removed Kiosk profile
Kiosk profile.kiosk.update Updated Kiosk profile
Location profile.location.add Added Location profile
Location profile.location.remove Removed Location profile
Location profile.location.update Updated Location profile
MTP profile.mtp.add Added MTP profile
MTP profile.mtp.remove Removed MTP profile
MTP profile.mtp.update Updated MTP profile
IMAP/POP profile.popImap.add Added IMAP/POP profile
IMAP/POP profile.popImap.remove Removed IMAP/POP profile
IMAP/POP profile.popImap.update Updated IMAP/POP profile
SCEP profile.scep.add Added SCEP profile
SCEP profile.scep.remove Removed SCEP profile
SCEP profile.scep.update Updated SCEP profile
VPN profile.vpn.add Added VPN profile
VPN profile.vpn.remove Removed VPN profile
VPN profile.vpn.update Updated VPN profile
Wallpaper profile.wallpaper.add Added Wallpaper profile
Wallpaper profile.wallpaper.remove Removed Wallpaper profile
Wallpaper profile.wallpaper.update Updated Wallpaper profile
Wi-Fi profile.wifi.add Added Wi-Fi profile
Wi-Fi profile.wifi.remove Removed Wi-Fi profile
Wi-Fi profile.wifi.update Updated Wi-Fi profile

Groups

Action Description
group.add Added group
group.application.update Updated group application
group.device.assign Assigned devices to group
group.device.unassign Unassigned devices from group
group.filter.update Updated group filter
group.name.update Updated group name
group.policy.update Updated group policies
group.profile.update Updated group profile
group.remove Removed group
groupPriorities.update Updated group priorities

Labels

Action Description
label.add Added label
label.assign Assigned label
label.remove Removed label
label.set Set label
label.unassign Unassigned label
label.update Updated label

Policies

Action Description
policy.add Added policy
policy.remove Removed policy
policy.update Updated policy

Apps

Action Description
application.basicInformation.update Updated basic application information
application.configuration.add Added application configuration
application.configuration.remove Removed application configuration
application.configuration.update Updated application configuration
application.configuration.updateAvailable.inform New application configuration available
application.feedback.send Sent application feedback
application.origin.device.add Added device-originated application
application.origin.device.remove Removed device-originated application
application.origin.externalResource.add Added application from external resource
application.origin.externalResource.remove Removed application from external resource
application.origin.externalResource.update Updated application from external resource
application.origin.file.add Added file-originated application
application.origin.file.download Downloaded file-originated application
application.origin.file.remove Removed file-originated application
application.origin.file.update Updated file-originated application
application.origin.store.add Added store-originated application
application.origin.store.remove Removed store-originated application
application.remove Removed application (Error)
application.runtimePermissions.update Updated application permissions
application.schema.add Added application configuration schema
application.schema.remove Removed application configuration schema
application.schema.update Updated application configuration schema
application.synchronize Synchronized application

Service

Action Description
service.device.securityCode.get Retrieved device security code
service.device.servicePassword.get Retrieved device service password from history

Settings

Action Description
settings.ldap.add Added LDAP configuration
settings.ldap.remove Removed LDAP configuration
settings.ldap.update Updated LDAP configuration
settings.microsoftEntraId.add Added Microsoft Entra ID configuration
settings.microsoftEntraId.remove Removed Microsoft Entra ID configuration
settings.microsoftEntraId.update Updated Microsoft Entra ID configuration
settings.role.add Added role
settings.role.remove Removed role
settings.role.update Updated role

Reports 

Action Description
report.configuration.add Added report configuration
report.configuration.remove Removed report configuration
report.configuration.update Updated report configuration
report.generate Generated report

Devices

Action Description
device.activate Device activation
device.activationLock.disable Device activation lock disabled
device.activationLock.enable Device activation lock enabled
device.androidEnterprise.status.check Checked Android Enterprise device status
device.appleBusinessManager.association.add Added association with Apple Business Manager
device.appleBusinessManager.association.remove Removed association with Apple Business Manager
device.application.installed.inform Informed about application installation
device.application.uninstalled.inform Informed about application uninstallation
device.card.servicePassword.get Retrieved device service password from card
device.dataUsage.report.remove Removed data usage report
device.deactivate Device deactivation
device.ownership.update Updated device ownership
device.playIntegrity.verify Verified Play integrity
device.remove Removed device
device.security.blueborneVulnerability.inform Informed about Blueborne vulnerability
device.security.databaseError.inform Informed about database error
device.security.dnsChanged.inform Informed about DNS change
device.security.gatewayChanged.inform Informed about gateway change
device.security.kiosk.disabledByPin.inform Informed about kiosk disabled by PIN
device.security.knoxWarrantyBitTriggered.inform Informed about Knox Warranty Bit activation
device.security.locationMocking.inform Informed about location mocking
device.security.lostMode.disabledByPin.inform Informed about lost mode disabled by PIN
device.security.proxyChanged.inform Informed about proxy change
device.security.recoveryRequested.inform Informed about device recovery request
device.security.rogueWifi.inform Informed about rogue Wi-Fi network
device.security.rootStatus.inform Informed about device root status
device.security.seLinuxDisabled.inform Informed about SE Linux disabled
device.security.unencryptedStatus.inform Informed about unencrypted device status
device.security.unsafeAdmins.inform Informed about unsafe administrators
device.security.unsecuredWifiConnected.inform Informed about unsecured Wi-Fi connection
device.security.usbDebugEnabled.inform Informed about USB debugging enabled
device.task.alarm.send Sent alarm message
device.task.application.configuration.update Updated application configuration
device.task.application.data.clear Cleared application data
device.task.application.disable Disabled application
device.task.application.enable Enabled application
device.task.application.enterprise.account.readd Re-added Android Enterprise account
device.task.application.get Retrieved managed application list
device.task.application.origin.externalResource.install Installed application from external resource
device.task.application.origin.file.install Installed file application
device.task.application.origin.store.install Installed store application
device.task.application.origin.store.uninstall Uninstalled store application
device.task.application.origin.store.update Updated store application
device.task.application.runtimePermission.update Updated application runtime permissions
device.task.application.start Started application
device.task.application.uninstall Uninstalled application
device.task.application.uninstall.disable Disabled application uninstallation
device.task.application.uninstall.enable Enabled application uninstallation
device.task.auditLogs.export Exported audit logs
device.task.backup.download Downloaded backup
device.task.backup.force Forced backup
device.task.backup.restore Restored backup
device.task.call.forward.disable Disabled call forwarding
device.task.call.forward.enable Enabled call forwarding
device.task.calls.report.generate Generated call report
device.task.contacts.report.generate Generated contact report
device.task.container.lock Locked container
device.task.container.password.force Forced container password
device.task.container.password.reset Reset container password
device.task.container.suspend Suspended container
device.task.container.unsuspend Resumed container
device.task.dataUsage.report.generate Generated data usage report
device.task.deactivate Device deactivation
device.task.device.password.force Forced device password
device.task.device.password.reset Reset device password
device.task.fcm.refresh Refreshed FCM token
device.task.info.send Sent information
device.task.kiosk.disable Disabled kiosk
device.task.kiosk.enable Enabled kiosk
device.task.locate Located device
device.task.lostMode.disable Disabled lost mode
device.task.lostMode.enable Enabled lost mode
device.task.lostMode.locate Located device in lost mode
device.task.mdm.remove Removed MDM
device.task.mdm.update Updated MDM
device.task.message.send Sent message
device.task.policy.activationLock.allow Allowed activation lock
device.task.policy.application.store.get Retrieved store applications
device.task.policy.content.filter Applied content filter
device.task.policy.defaultDomains.get Retrieved default domains
device.task.policy.passcode.get Retrieved passcode
device.task.policy.update Updated policies
device.task.profile.activeSync.assign Assigned ActiveSync profile
device.task.profile.activeSync.unassign Unassigned ActiveSync profile
device.task.profile.activeSync.update Updated ActiveSync profile
device.task.profile.apn.assign Assigned APN profile
device.task.profile.apn.unassign Unassigned APN profile
device.task.profile.apn.update Updated APN profile
device.task.profile.appleBusinessManager.assign Assigned Apple Business Manager profile
device.task.profile.appleBusinessManager.unassign Unassigned Apple Business Manager profile
device.task.profile.appleBusinessManager.update Updated Apple Business Manager profile
device.task.profile.applicationRules.assign Assigned Application Rules profile
device.task.profile.applicationRules.unassign Unassigned Application Rules profile
device.task.profile.applicationRules.update Updated Application Rules profile
device.task.profile.backup.assign Assigned Backup profile
device.task.profile.backup.unassign Unassigned Backup profile
device.task.profile.backup.update Updated Backup profile
device.task.profile.certificate.assign Assigned Certificate profile
device.task.profile.certificate.unassign Unassigned Certificate profile
device.task.profile.certificate.update Updated Certificate profile
device.task.profile.certificateMapping.assign Assigned Certificate Mapping profile
device.task.profile.certificateMapping.unassign Unassigned Certificate Mapping profile
device.task.profile.certificateMapping.update Updated Certificate Mapping profile
device.task.profile.connectivity.assign Assigned Connectivity profile
device.task.profile.connectivity.unassign Unassigned Connectivity profile
device.task.profile.connectivity.update Updated Connectivity profile
device.task.profile.contacts.assign Assigned Business Contacts profile
device.task.profile.contacts.unassign Unassigned Business Contacts profile
device.task.profile.contacts.update Updated Business Contacts profile
device.task.profile.customAppleConfiguration.assign Assigned Custom Apple Configuration profile
device.task.profile.customAppleConfiguration.unassign Unassigned Custom Apple Configuration profile
device.task.profile.customAppleConfiguration.update Updated Custom Apple Configuration profile
device.task.profile.documents.assign Assigned Corporate Documents profile
device.task.profile.documents.unassign Unassigned Corporate Documents profile
device.task.profile.documents.update Updated Corporate Documents profile
device.task.profile.geofencing.assign Assigned Geofencing profile
device.task.profile.geofencing.unassign Unassigned Geofencing profile
device.task.profile.geofencing.update Updated Geofencing profile
device.task.profile.kiosk.assign Assigned Kiosk profile
device.task.profile.kiosk.unassign Unassigned Kiosk profile
device.task.profile.kiosk.update Updated Kiosk profile
device.task.profile.location.assign Assigned Location profile
device.task.profile.location.unassign Unassigned Location profile
device.task.profile.location.update Updated Location profile
device.task.profile.mtp.assign Assigned MTP profile
device.task.profile.mtp.unassign Unassigned MTP profile
device.task.profile.mtp.update Updated MTP profile
device.task.profile.popImap.assign Assigned IMAP/POP profile
device.task.profile.popImap.unassign Unassigned IMAP/POP profile
device.task.profile.popImap.update Updated IMAP/POP profile
device.task.profile.scep.assign Assigned SCEP profile
device.task.profile.scep.unassign Unassigned SCEP profile
device.task.profile.scep.update Updated SCEP profile
device.task.profile.vpn.assign Assigned VPN profile
device.task.profile.vpn.unassign Unassigned VPN profile
device.task.profile.vpn.update Updated VPN profile
device.task.profile.wallpaper.assign Assigned Wallpaper profile
device.task.profile.wallpaper.unassign Unassigned Wallpaper profile
device.task.profile.wallpaper.update Updated Wallpaper profile
device.task.profile.wifi.assign Assigned Wi-Fi profile
device.task.profile.wifi.unassign Unassigned Wi-Fi profile
device.task.profile.wifi.update Updated Wi-Fi profile
device.task.quarantine.clear Cleared quarantine tasks
device.task.remote.connection.close Closed remote connection
device.task.remote.offer Started remote connection
device.task.reset Reset device
device.task.screen.lock Locked device screen
device.task.simPinning.disable Disabled SIM pinning
device.task.simPinning.enable Enabled SIM pinning
device.task.sms.report.generate Generated SMS report
device.task.status.send Sent status
device.task.update.get Retrieved update information
device.task.wipe Wiped device data
device.user.assign Assigned user
device.user.unassign Unassigned user
backup.remove.force Removed device backup
customAppleCommand.send Sent Custom Apple Command

Device auto enrollment

ActionDescription
autoEnrollment.addAdded automatic device enrollment
autoEnrollment.removeRemoved automatic device enrollment
autoEnrollment.updateUpdated automatic device enrollment