Audit Logs
ProxCenter maintains a comprehensive audit trail of all user actions performed through the platform. The Audit Log provides visibility into who did what, when, and on which resource -- essential for security reviews, compliance, and troubleshooting.
Viewing Audit Logs
Navigate to Security > Audit Logs to access the full log. Each entry includes:
| Field | Description |
|---|---|
| Timestamp | Date and time the action was performed |
| User | The user who initiated the action, displayed with their role badge |
| Action | The type of operation (e.g., vm.start, user.invite, role.update) |
| Resource | The target resource (VM name, user email, role name, etc.) |
| Details | Additional context such as parameters, old/new values, or error messages |
| IP Address | The IP address from which the action originated |
Tracked Actions
The audit log captures actions across all areas of ProxCenter:
- Infrastructure -- Starting, stopping, creating, deleting, and migrating VMs and containers
- Backups -- Creating, restoring, and deleting backups
- Snapshots -- Creating, restoring, and removing snapshots
- User Management -- Inviting, editing, disabling, and removing users
- RBAC -- Creating, editing, and deleting roles; assigning roles to users
- Connections -- Adding, editing, and removing Proxmox connections
- Settings -- Modifying platform configuration, license activation
- Authentication -- Login attempts (successful and failed), password resets
Filtering and Search
The audit log provides several ways to narrow down entries:
Search
Use the search bar to find entries by keyword. The search matches against user names, action types, resource names, and details.
Filters
Apply filters to focus on specific activity:
| Filter | Options |
|---|---|
| Date range | Select a start and end date to view a specific time period |
| User | Show actions by a specific user |
| Action category | Filter by category (Infrastructure, Security, Operations, etc.) |
| Resource type | Filter by resource type (VM, container, user, role, etc.) |
Combine multiple filters to quickly find specific events. For example, filter by a user and date range to review all actions taken by that user during an incident window.
Log Retention
Audit log retention depends on your ProxCenter plan:
| Plan | Retention Period |
|---|---|
| Community | 7 days |
| Pro | 30 days |
| Enterprise | 1 year |
Once the retention period expires, log entries are permanently deleted and cannot be recovered. If you need long-term retention for compliance purposes, consider exporting your logs regularly or upgrading to a plan with longer retention.
Exporting Logs
Administrators can export audit logs for external archival or analysis:
- Apply any desired filters to narrow the dataset
- Click Export
- Choose a format (CSV or JSON)
- The file will be downloaded to your browser
Exported files include all fields for each log entry within the selected filter criteria.
Permissions
Access to Audit Logs requires the following RBAC permission:
| Permission | Description |
|---|---|
admin.audit | View and export audit log entries |