Administration Guide

About Logs

AlloyScan provides operational and security logs that record what happened on a Site and across the instance. There are five site-level logs and three global logs, for eight log surfaces in total.

How logs are organized

Site-level logs (under Admin Center > Site Settings > Logs) record events that occur within the boundaries of one Site:

  • Audit log — audit operations and their outcomes.
  • Scan log — scan operations and their outcomes.
  • Notifications log — notification emails queued or sent for Site users.
  • Change log — configuration changes inside the Site (segments, users, tags, reports, notification templates, and so on).
  • Security log — authentication events and platform-security events.

Global logs (under Admin Center > App management > Logs) record events at instance scope and aggregate across Sites where applicable:

  • Notifications log — instance-wide view of the notification queue.
  • Change log — cross-Site configuration changes; this view adds a Site column so the originating Site is identifiable.
  • Security log — instance-wide authentication and platform-security events.

The three global logs share an event surface with their site-level counterparts: any event recorded in a Site's Notifications, Change, or Security log also appears in the corresponding global log.

Deployment settings can hide some log surfaces

Some deployments can hide optional log surfaces:

  • Security log can be hidden both per-Site and globally.
  • Change log can be hidden both per-Site and globally.

If a log surface is not enabled for a deployment, the menu entry for that log is not rendered in any Admin Center menu on that instance.

Completeness caveat

Not every configuration-plane action necessarily produces an entry in the Change log or Security log. Certain operational and service accounts exist specifically to bypass entity metadata tracking. Treat the logs as the primary record of administrator-driven changes, but do not assume every administrative-scope change is attributable to a named operator in these logs.

Note: Details may vary by deployment.

Why this design

Splitting logs by domain (Audit / Scan / Notifications / Change / Security) makes it practical to pivot on the right axis when investigating an incident. Splitting by scope (per-Site versus instance-global) lets a Site Administrator review tenant-bound activity without seeing other tenants, while a Global Administrator can correlate across the whole fleet.

Limitations

  • Log export UX is not exhaustively exercised in the current build.
  • Retention is documented for the Security log (default 90 days, controlled by the SecurityLogs:RetentionDays setting and enforced only when the flag is on); retention for the other four log types is not explicitly documented.
  • Log grids share the default 1000-row cap with Inventory grids; use Load all sparingly.