How to Filter Logs for Operations Performed by Tenant Administrators

Overview

This article details how to filter logs for operations performed by tenant administrators. Tenant logs are streamed to an external service.

Applies To

  • Tenant Logs

Solution

There is no comprehensive list of the log types recorded when tenant administrators perform various operations. However, the following patterns can help identify them.

Type: API Operation (sapi)

“channel”: “https://manage.auth0.com/”

This is one of the most common logs. If a tenant administrator performs an API Operation (e.g., updating a client) on the Dashboard, you will see “channel”: “https://manage.auth0.com/” in this type of log. Also, the auth object will include the tenant administrator’s information (e.g., user_id).

      "channel": "https://manage.auth0.com/",
      "ip": "XXX.XX.XXX.XXX",
      "auth": {
        "user": {
          "user_id": "samlp|okta|bob@example.com",
          "name": "Bob",
          "email": "bob@example.com"
        },

Type: API Operation (sapi)

“channel”: “api”

However, please keep in mind that if “channel”: “api” is recorded, it does not necessarily mean the operation was performed by a tenant administrator. For example, it could be an operation triggered by the application. It could also be an operation performed by a tenant administrator using tools other than the Dashboard (e.g., Postman). In this scenario, the auth object will not include the tenant administrator’s information (e.g., user_id).

      "channel": "api",
      "ip": "XXX.XX.XXX.XXX",
      "auth": {
        "user": {},

Usually, patch, delete, and create operations will be recorded in tenant logs. However, there is an exception. If a tenant administrator calls a Management API GET operation returning secrets, it will be recorded as shown below.

  "date": "2024-10-19T04:59:12.995Z",
  "type": "mgmt_api_read",
  "description": "Get client by ID",
  "client_id": "xxxxxxxxxxxxxxxxx",
  "client_name": "",
  "ip": "xxx.xx.xxx.xxx",
  "user_agent": "Chrome 129.0.0 / Mac OS X 10.15.7",
  "details": {
    "accessedSecrets": [
      "client_secret"
    ],

Reference: Log Event Type Codes

If you stream tenant logs to an external service, consider how to filter them on that service's side based on the above information.
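
The three patterns above can be applied to streamed events as in the following added example, which is not part of the original article or Auth0's own code. It assumes newline-delimited JSON input; the sample events are constructed, and the `details.request` nesting around `channel` and `auth` is an assumption (the excerpts above show only the inner fragment), so the lookup searches the event instead of relying on a fixed path.

```python
import json

DASHBOARD_CHANNEL = "https://manage.auth0.com/"

def find_dict_with(node, key):
    """Depth-first search for the first dict containing `key`; no fixed path assumed."""
    if isinstance(node, dict):
        if key in node:
            return node
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_dict_with(child, key)
            if found is not None:
                return found
    return None

def classify(event):
    """Return (label, actor_user_id, accessed_secrets) for one tenant log event."""
    if event.get("type") == "mgmt_api_read":
        # Management API GET that returned secrets
        secrets = (event.get("details") or {}).get("accessedSecrets") or []
        return ("secret_read", None, secrets)
    if event.get("type") != "sapi":
        return ("other", None, [])
    req = find_dict_with(event, "channel") or {}
    user = (req.get("auth") or {}).get("user") or {}
    channel = str(req.get("channel", ""))
    if channel == DASHBOARD_CHANNEL and user.get("user_id"):
        return ("dashboard_admin", user["user_id"], [])
    if channel.lower() == "api":
        # Application or non-Dashboard tool: cannot be attributed to an administrator
        return ("api_unattributed", None, [])
    return ("other", None, [])

# Constructed sample events; the details.request nesting is an assumption.
SAMPLE = """\
{"type":"sapi","description":"Update a client","details":{"request":{"channel":"https://manage.auth0.com/","ip":"203.0.113.7","auth":{"user":{"user_id":"samlp|okta|bob@example.com","name":"Bob","email":"bob@example.com"}}}}}
{"type":"sapi","description":"Update a client","details":{"request":{"channel":"api","ip":"203.0.113.9","auth":{"user":{}}}}}
{"type":"mgmt_api_read","description":"Get client by ID","ip":"203.0.113.7","details":{"accessedSecrets":["client_secret"]}}
{"type":"s","description":"Successful login"}
"""

def triage(ndjson_text):
    """Classify every non-empty line of a newline-delimited JSON log export."""
    return [classify(json.loads(line)) for line in ndjson_text.splitlines() if line.strip()]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Events labelled `api_unattributed` need correlation with other fields (for example `ip` or `client_id`) on the external service, because the log alone does not identify who performed them.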