Auditing is done using a capability, as described in Capabilities called Audit. For your convenience, this capability is created and enabled by default.

When enabled, a log file located in $data-dir/log/audit/audit.log will be updated each time a user (or internal processes) modifies the configuration of Nexus Repository, as well as any asset and component additions and removals. Each line of this log contains an unformatted JSON message representing a single audit item. This table has a list of available attributes in these JSON messages:

timestampThe date and time this event occurred2019-02-04 18:12:07,856-0500
nodeIdThe nodeId of the instance (used to correlate audit logs across multiple instances)5DF0F434-88A6F4B7-AEDCE785-CAD9628C-8AD86154
initiatorThe initiator of the event, often a username/host combination, unless an interally generated eventadmin/
domainFunctional area of the system
typeAction performed in this domaincreated
contextIdentifying details of the eventmynewusername
threadThread name of the event initiator. Thread name can help correlate related log lines from other log files. 
NEW IN 3.25.0
attributesMap of key:value pairs that contain more details about the event{"id":"mynewusername","name":"John Doe","email":"","source":"default","status":"active","roles":"nx-admin"}

This log file will rotate daily, and a maximum of 90 days worth of files will be retained.