Audit logs provide a history of activity in the security system. Any activity that modifies the state of the security system, either via a configuration change or direct command, is logged in the audit history. Successful logins to the system, along with any requested data exports, are also logged in the audit history. Generated audit logs are time-stamped and available for 31 days. 

Audit Logs List

Select Audit Logs from the sidebar to display the Audit Logs list. The list is sorted by the Created date, with the newest audit log at the top.

• Audit Log: Identifies the audit log by its activity date range. Audit logs that are generated display the Download button . While an audit log is generating, the progress icon is displayed.
• Expiration Date: Displays the date when a generated audit log will expire, after which it will be removed.
• Status: Shows "Available" for audit logs that can be downloaded. "Pending" indicates an audit log is being generated so is not ready to download.
• Start Date: The beginning date for system activity to be included in the audit log. (System activity is stored as individual audit records in the database for 90 days.)
• End Date: The end date for system activity to be included in the audit log.

• Created: Displays the date the audit log was created.

• Time Zone: Displays the system time zone from System Options. By default, Eastern Standard Time (New York) is used if a time zone is not available.

Audit Log File Download

Audit logs are downloaded as CSV (Comma-Separated Values) files. CSV files can be opened in table-oriented applications.

An audit log showing the status of "Available" is ready for download. When the audit log is within 24 hours of its expiration, the remaining time will be displayed. Upon expiration, the audit log is removed from the list.

How to Read an Audit Log

Audit record information:

• Correlation ID: Identifies records that correlate to a user-initiated event. These records are all related to a single operation initiated from the portal. (See Is Parent.)

  Correlation ID	User Name	Timestamp	Audited Name	Audited Type	Is Parent	Operation
  477f2e65-9e66-4f48-8228-2104fe4ca4d0	'Chrissy Smalls	8/20/2019 17:19	'Cafeteria	Space	FALSE	spaceCreated
  477f2e65-9e66-4f48-8228-2104fe4ca4d0	'Chrissy Smalls	8/20/2019 17:19	'Cafeteria	Space	FALSE	AssignmentsChanged
  477f2e65-9e66-4f48-8228-2104fe4ca4d0	'Chrissy Smalls	8/20/2019 17:19	'Cafeteria	Space	TRUE	spaceAdded

• Customer ID: Identifies the customer.
• Reseller ID: Identifies the reseller.
• User ID: Identifies the user.
• User Name: The name of the user that performed the action. User-entered values are generated with a string escape character (') to prevent Excel from interpreting any special characters as a macro.
• Account ID: Identifies the reseller or customer account number.
• Timestamp (UTC): The time during which the activity occurred, in Coordinated Universal Time.
• Timestamp (EST): The time during which the activity occurred, in the time zone requested upon audit log generation.
• Audited ID: This is the unique ID of the object being audited, and can be used to correlate records of interest.
• Audited Name: The name of the object that was acted upon. The string escape character is also generated for this value.
• Audited Type: Describes which area of the system is responsible for the audited action.
• Is Parent: If true - Identifies a record that corresponds to a user-initiated action. All other records with the same Correlation ID correspond to the subsequent actions taken as a result of that user-initiated action.
• Operation: Describes the action.
• IP: Contains the IP address of the browser client that sent the initiating request.

• Details: Based on the type of activity, contains the details of an object's new state. For activity such as "deviceDeleted" or "personDeleted", the Details field is empty.

© 2025 Honeywell International Inc. All Rights Reserved.