Audit logs
Root users can view application event audit logs from the Admin panel Audit logs tab.
Application event audit logs are retained for 365 days by default. In Platform Enterprise, this retention period can be customized. You can also disable automatic audit log deletion with TOWER_CRON_AUDIT_LOG_CLEAN_UP_ENABLED.
Audit log versions in 26.1
Seqera Platform Enterprise 26.1 introduces the audit log v2 schema as a breaking change for direct database consumers and custom ETL jobs.
- The legacy audit log schema remains in the
tw_audit_logtable. - The new audit log v2 schema is written to a separate table.
- The v2 schema is not backward-compatible with the legacy schema. Field names, structure, and pagination behavior differ.
- The v2 Admin panel view and CSV export are available when
TOWER_AUDIT_LOG_V2_WRITE_MODEis set todualorv2.
Use TOWER_AUDIT_LOG_V2_WRITE_MODE to control how new audit events are written:
dual: Write new events to bothv1schema andv2schema. This is the recommended 26.1 migration mode if you need to validate the v2 schema while keeping existing v1 integrations unchanged.v2: Write new events tov2schema only.
Upgrade path for existing integrations
If you have existing scripts, exports, or ETL processes that read from the legacy audit log schema, plan the 26.1 upgrade in two stages:
- Upgrade to 26.1.
- Validate your integrations against the v2 schema while your existing v1 readers continue to work from the legacy table.
In the 26.1 migration plan, dual-write is transitional. Plan for 26.2 to make v2 the only write-side schema, while the legacy v1 data remains available for reads as long as your retention policy still covers the required historical period.
Audit log event format
When audit log v2 is enabled, the Admin panel shows the following event details:
- Timestamp: Event timestamp in ISO 8601 format.
- Event: The audit event name, such as
user_sign_inorcredentials_created. - Actor: Whether the event was triggered by a user or by the system, including point-in-time user details for user-initiated events.
- Client: Client IP address, user agent, and access token ID when available. Client details are empty for system-initiated events.
- Target: The resource type, ID, and resource name associated with the event.
- Organization: The organization ID and name for organization-scoped or workspace-scoped resources.
- Workspace: The workspace ID and name for workspace-scoped resources.
- Correlation ID: An identifier that links all audit events emitted as part of the same cascade action.
For organization-scoped, personal workspace-scoped, or system-wide targets, the organization and workspace columns display N/A labels to indicate when a field does not apply to that resource scope.
CSV exports use the same v2 schema and date filters as the Admin panel view. You can control the maximum export size with TOWER_AUDIT_LOG_V2_CSV_EXPORT_MAX_LOGS.
Audit log events
Audit logs include administration, security, and application resource events.
Resource | Events logged | Note |
|---|---|---|
Access tokens | Add, delete | Log entry includes the access token ID. |
Compute environments | Add, edit, edit primary, delete | Log entry includes the compute environment ID. Edit event entries do not include the edited parameters. An entry is also recorded when workspace compute environments are made primary or removed from primary. |
Credentials | Add, edit, delete, access | Log entry includes the credential ID. A log entry is also created each time the credentials are accessed by the application. |
Datasets | Add, edit, delete, upload, download | Log entry includes the dataset version |
Data Explorer cloud buckets | Add, edit, remove, hide, show | Events for public and private buckets are logged. |
Data Explorer files | Download, upload, preview | Events for public and private bucket files are logged. |
Labels and resource labels | Add, edit, delete | Log entry includes the label ID. |
Managed identities | Add, edit, delete | Log entry includes the managed identity ID. |
Organizations | Add, edit, delete | Log entry includes the organization ID. |
Organization members | Add, update role, delete | Log entry includes the organization member user ID. The associated organization ID is recorded in the |
Organization settings | Edit | Log entry includes the organization ID. |
Participants | Add, update role, delete | Log entry includes the participant ID. The associated workspace ID is recorded in the |
Pipelines | Add, edit, delete | Edit event entries do not include the edited parameters. Log entry includes the pipeline ID. |
Pipeline actions | Add, edit, pause, unpause, delete | Log entry includes the pipeline action ID. |
Pipeline secrets | Add, edit, delete | Log entry includes the pipeline secret ID. |
Runs | Launch, create, relaunch, resume, status change, complete, delete, drop | Relaunched/resumed runs are stored with the initial launch run ID. Deleted runs are marked for deletion before being dropped from the runs database by the application backend (constituting two events). |
Studios sessions | Add, start, connect, disconnect, stop, delete | Temporary states (starting, stopping, deleting) are not logged. |
Studios custom environments | Build start, build success, build fail | Applies only to Wave-enabled custom environment creation. |
Teams | Add, edit, delete | Log entry includes the team ID. |
Team members | Add, delete | Log entry includes the user ID of the team member. The associated team ID is recorded in the |
Team workspaces | Add, edit, delete | Events are recorded when access to a workspace is granted to or removed from a team. An event is also recorded when a team workspace role is updated. |
Users | Add, edit, delete | Log entry includes the user ID. See user deletion. |
User sessions | Login | Login event entries include the login IP address. |
Workspaces | Add, edit, delete | Log entry includes the workspace ID. |
Pre and post state change capture
When enabled, audit log v2 captures full resource state snapshots or images immediately before and after each change event in JSON format. This provides a complete record of what changed and satisfies regulatory requirements (such as GxP/21 CFR Part 11). Fields that are large or that may contain sensitive values are hashed.
State snapshots increase database storage requirements. For a deployment with 2 million audit log records, the snapshots can consume between 3 GB and 40 GB depending on the events and the size and complexity of the tracked resources. Plan your database capacity and retention policy accordingly before enabling this feature.
This feature is enabled once the GxP add-on is attached to your Seqera license. Contact us to obtain the GxP add-on.