Help Center

Management Console audit log

Starting with version 2.6.0 MC keeps records of activity going on there. All events are recorded in json format in audit.log file in Console's storage folder and makes it possible to monitor users that login or logout and make changes to Resilio Connect configuration. 

It has the following format. Only action and timestamp are present in all events. Other fields may be missing, depending on event itself. 

"action": "action performed by a user or agent" ,
"timestamp": "timestamp of event in unix format in milliseconds ,
"source": {"Information about source machine of the action, IP address, device and browser agent of a user who performed an action, when user tries to login or agent tries to connect"}
"initiator":{ "user or other object who initiated the action" },
"target": {"object that is changed/created by action"},
"parameters": {"different actions for different object types have their own set of parameters"}
"changes": {
"to": {"new object's settings" },
"from": {"previous object's settings. For new objects this field is empty. }

“_type” indicates the object from which (“initiator”) or on which (“target”) action was performed:

InternalUserModel - MC’s user
UserGroupModel - MC’s user group
DSUserModel - Domain Service User
DSGroupModel - Domain Service user group
Server - Management Console. Is source when new agent connects or at failed agent connect attempt.
Schedule - is source when job run is started or stopped by schedule
SRVCTRL - reset password, create new user or restore backup from a terminal via srvctrl
API - by API token

Additionally, following types are the models of newly created objects: TagModel, BackupModel,  ClientModel, ScheduleModel, ApiTokenModel, SupportRequestModel, GroupModel, JobProfileModel, AgentProfileModel, ServerProfileModel, SyncJobModel, TransferJobModel, BackupJobModel, ScriptJobModel.


The following actions are implemented: 

 'create' / 'delete' /  'update’

Object (‘target’) was created, updated or deleted. If new agent connects to MC this counts as ‘create’ action.
 'start' / 'stop'
Management Console process starts or stops. When restoring backup, these two events appear automatically, since restoring backup is accompanied with MC restart. 
Sync job or Job Run was started or stopped.

'sign up' / 'login' /  'logout'

'failed login attempt'

'incorrect password'


User actions for accessing MC UI. Action 'failed login attempt'  means user entered invalid username. After 10 failed login attempts, user is blocked and event 'block' appears.

'generate reset password token’

 'reset password'

'generate reset password token’ action means that super admin generated reset password token for blocked user via MC UI or generated reset password link for user via srvctrl.
'reset password' appears when password is reset from MC UI via reset password link.

'restore backup’

Backup is restored by a user or from terminal via srvctrl. This event is followed by MC restart with two events stop/start accordingly. 
'invalid api token' Action of an API request with an invalid token. 
 'failed agent connect attempt' An agent failed to connect to MC because of invalid bootstrap token
Was the article helpful? Yes / No, send feedback on article Thanks!

Please note that we won't mail you back. This is just purely feedback on the article above. If you need help from our Support Team, please use the "Contact Support" link at the top of the page.