Audit logs

Audit logs are crucial for tracking changes and security-relevant events. Dynatrace can log such events so you can review important changes: when the change was made, by whom, and what was changed. The following events are logged:

  • Any change to Dynatrace configuration
  • Any change to API tokens
  • Logins
  • Logouts

Audit logs include personal identifiable information (PII) such as email addresses and IP addresses of Dynatrace users.

Enable audit logging

By default, environment-wide audit logs are disabled. To enable audit logging

  1. In the Dynatrace menu, go to Settings > Preferences > Data privacy and security.
  2. Enable Log all audit-related system events.

Audit logs are retained for 30 days and automatically deleted afterwards.

You can also enable audit logs via Data privacy API.

Access audit logs of a Dynatrace environment

You can access environment-wide audit logs via the GET audit log API call.

To use the API, you need an API token with the Read audit logs ( permission.

Dynatrace Managed only Access audit logs of a Dynatrace Managed cluster

You can access cluster-wide audit logs of Dynatrace Managed clusters by viewing the audit log files stored in the file system. All audit log files are stored in the log folder. The path to the log folder is documented in Dynatrace Managed hardware and system requirements.

Additionally, Dynatrace Managed offers an audit log viewer in the Cluster Management Console (Audit log in the navigation menu).