Auditing is done using a capability, as described in Accessing and Configuring Capabilities called Audit. For your convenience, this capability is created and enabled by default.

When enabled, a log file located in $data-dir/log/audit/audit.log will be updated each time a user (or internal processes) modify the configuration of NXRM, as well as any asset and component additions and removals.  Each line of this log contains an unformatted JSON message representing a single audit item.  Find a list of available attributes in these JSON messages below:

timestampThe date and time this event occurred2019-02-04 18:12:07,856-0500
nodeIdThe nodeId of the NXRM instance (used to correlate audit logs across multiple NXRM instances)5DF0F434-88A6F4B7-AEDCE785-CAD9628C-8AD86154
initiatorThe initiator of the event, often a username/host combination, unless an interally generated eventadmin/
domainFunctional area of the systemsecurity.user
typeAction performed in this domaincreated
contextIdentifying details of the eventmynewusername
attributesMap of key:value pairs that contain more details about the event{"id":"mynewusername","name":"John Doe","email":"","source":"default","status":"active","roles":"nx-admin"}

This log file will rotate daily, and a maximum of 90 days worth of files will be retained.

Where is the Audit user interface?


The database which stored audit events and the interface at Administration → System → Audit has been replaced by an audit log text file. The new implementation is better performing and more easily integrated with external tooling.