In the Reports → Audit section users can view records of changes made in the frontend.
Audit logging should be enabled in the Administration settings to display audit records. If logging is disabled, history of frontend changes does not get recorded to the database and audit records cannot be viewed.
Audit log displays the following data:
|Time||Timestamp of the audit record.|
|User||User who performed the activity.|
|IP||IP from which the activity was initiated.|
|Resource||Type of the affected resource (host, host group, etc.).|
|Action||Activity type: Login, Logout, Added, Updated, Deleted, Enabled, or Disabled.|
|ID||ID of the affected resource. Clicking on the hyperlink will result in filtering audit log records by this resource ID.|
|Recordset ID||Shared ID for all audit log records created as a result of the same frontend operation. For example, when linking a template to a host, a separate audit log record is created for each inherited template entity (item, trigger, etc.) - all these records will have the same Recordset ID.
Clicking on the hyperlink will result in filtering audit log records by this Recordset ID.
|Details||Description of the resource and detailed information about the performed activity. If a record contains more than two rows, an additional link Details will be displayed. Click on this link to view the full list of changes.|
The filter is located below the Audit log bar. It can be opened and collapsed by clicking on the Filter tab in the upper right corner.
You may use the filter to narrow down the records by user, affected resource, resource ID and frontend operation (Recordset ID). You may also select the action (e. g., add, update, delete, etc) for the resource. Since Zabbix 6.0.5 one or more actions can be selected.
For better search performance, all data is searched with macros unresolved.
The time period selector allows to select often required periods with one mouse click. The time period selector can be opened by clicking on the time period tab next to the filter.