Audit logs

Root users can view application event audit logs from the Admin panel Audit logs tab.

info

Application event audit logs are retained for 365 days by default. In Platform Enterprise, this retention period can be customized. You can also disable automatic audit log deletion with TOWER_CRON_AUDIT_LOG_CLEAN_UP_ENABLED.

Audit log versions in 26.1

Seqera Platform Enterprise 26.1 introduces the audit log v2 schema as a breaking change for direct database consumers and custom ETL jobs.

• The legacy audit log schema remains in the tw_audit_log table.
• The new audit log v2 schema is written to a separate table.
• The v2 schema is not backward-compatible with the legacy schema. Field names, structure, and pagination behavior differ.
• The v2 Admin panel view and CSV export are available when TOWER_AUDIT_LOG_V2_WRITE_MODE is set to dual or v2.

Use TOWER_AUDIT_LOG_V2_WRITE_MODE to control how new audit events are written:

• dual: Write new events to both v1 schema and v2 schema. This is the recommended 26.1 migration mode if you need to validate the v2 schema while keeping existing v1 integrations unchanged.
• v2: Write new events to v2 schema only.

Upgrade path for existing integrations

If you have existing scripts, exports, or ETL processes that read from the legacy audit log schema, plan the 26.1 upgrade in two stages:

1. Upgrade to 26.1.
2. Validate your integrations against the v2 schema while your existing v1 readers continue to work from the legacy table.

In the 26.1 migration plan, dual-write is transitional. Plan for 26.2 to make v2 the only write-side schema, while the legacy v1 data remains available for reads as long as your retention policy still covers the required historical period.

Audit log event format

When audit log v2 is enabled, the Admin panel shows the following event details:

• Timestamp: Event timestamp in ISO 8601 format.
• Event: The audit event name, such as user_sign_in or credentials_created.
• Actor: Whether the event was triggered by a user or by the system, including point-in-time user details for user-initiated events.
• Client: Client IP address, user agent, and access token ID when available. Client details are empty for system-initiated events.
• Target: The resource type, ID, and resource name associated with the event.
• Organization: The organization ID and name for organization-scoped or workspace-scoped resources.
• Workspace: The workspace ID and name for workspace-scoped resources.
• Correlation ID: An identifier that links all audit events emitted as part of the same cascade action.

For organization-scoped, personal workspace-scoped, or system-wide targets, the organization and workspace columns display N/A labels to indicate when a field does not apply to that resource scope.

CSV exports use the same v2 schema and date filters as the Admin panel view. You can control the maximum export size with TOWER_AUDIT_LOG_V2_CSV_EXPORT_MAX_LOGS.

Audit log v2 events

Audit log v2 emits the following event names.

Event	Target	Description
workflow_launched	Workflow run	A workflow run was launched from Platform.
workflow_created	Workflow run	A workflow run was created after Nextflow established connection.
workflow_updated	Workflow run	A workflow run was updated.
workflow_completed	Workflow run	A workflow run completed execution.
workflow_deleted	Workflow run	A workflow run was deleted.
workflow_dropped	Workflow run	A workflow run was permanently deleted.
access_token_created	Access token	A personal access token was created.
access_token_deleted	Access token	A personal access token was deleted.
ssh_key_created	SSH key	An SSH public key was added to a user account.
ssh_key_deleted	SSH key	An SSH public key was removed from a user account.
user_created	User	A new user account was created.
user_updated	User	A user account was updated.
user_deleted	User	A user account was deleted.
user_sign_in	User	A user signed in to the platform.
compute_environment_created	Compute environment	A compute environment was created.
compute_environment_updated	Compute environment	A compute environment was updated.
compute_environment_deleted	Compute environment	A compute environment was deleted.
credentials_created	Credentials	Credentials were created.
credentials_updated	Credentials	Credentials were updated.
credentials_deleted	Credentials	Credentials were deleted.
credentials_dropped	Credentials	Credentials were permanently deleted.
action_created	Action	A pipeline action was created.
action_updated	Action	A pipeline action was updated.
action_deleted	Action	A pipeline action was deleted.
organization_created	Organization	An organization was created.
organization_updated	Organization	An organization was updated.
organization_deleted	Organization	An organization was deleted.
team_created	Team	A team was created.
team_updated	Team	A team was updated.
team_deleted	Team	A team was deleted.
workspace_created	Workspace	A workspace was created.
workspace_updated	Workspace	A workspace was updated.
workspace_deleted	Workspace	A workspace was deleted.
pipeline_created	Pipeline	A pipeline was added to a workspace launchpad.
pipeline_updated	Pipeline	A pipeline was updated.
pipeline_deleted	Pipeline	A pipeline was deleted from a workspace launchpad.
participant_created	Participant	A user or team was added as a participant to a workspace.
participant_deleted	Participant	A user or team was removed as a participant from a workspace.
participant_role_updated	Participant	A workspace participant role was changed in a workspace.
member_created	Member	A user was added as a member to an organization.
member_deleted	Member	A user was removed as a member from the organization.
member_role_updated	Member	A member role was changed in an organization.
team_member_created	Team member	A member was added to a team.
team_member_deleted	Team member	A member was deleted from a team.
pipeline_secret_created	Pipeline secret	A pipeline secret was created.
pipeline_secret_updated	Pipeline secret	A pipeline secret was updated.
pipeline_secret_deleted	Pipeline secret	A pipeline secret was deleted.
dataset_created	Dataset	A dataset was created.
dataset_updated	Dataset	A dataset was updated.
dataset_deleted	Dataset	A dataset was deleted.
dataset_content_uploaded	Dataset	Dataset content was uploaded.
dataset_content_downloaded	Dataset	Dataset content was downloaded.
data_link_created	Data-link	A data-link was created.
data_link_updated	Data-link	A data-link was updated.
data_link_deleted	Data-link	A data-link was deleted.
data_link_hide	Data-link (metadata)	A data-link was hidden from the workspace.
data_link_show	Data-link (metadata)	A hidden data-link was made visible in the workspace.
data_link_file_preview	Data-link (file)	A file was previewed through a data-link.
data_link_file_upload	Data-link (file)	A file was uploaded through a data-link.
data_link_file_download	Data-link (file)	A file was downloaded through a data-link.
data_link_file_deleted	Data-link (file)	A file was deleted through a data-link.
studio_session_created	Studio	A studio session was created.
studio_session_deleted	Studio	A studio session was deleted.
studio_session_started	Studio	A studio session was started.
studio_session_stopped	Studio	A studio session was stopped.
studio_session_updated	Studio	A studio session was updated.
studio_session_connected	Studio (connection)	A user connected to a studio session.
studio_session_disconnected	Studio (connection)	A user disconnected from a studio session.
studio_session_build_started	Studio	A studio session container build was started.
studio_session_build_failed	Studio	A studio session container build failed.
studio_session_build_succeeded	Studio	A studio session container build succeeded.
studio_session_lifespan_extended	Studio	A studio session lifespan was extended.
studio_session_ssh_auth_succeeded	Studio (SSH)	SSH authentication to a studio session succeeded.
studio_session_ssh_auth_failed	Studio (SSH)	SSH authentication to a studio session failed.
label_created	Label	A label was created.
label_updated	Label	A label was updated.
label_deleted	Label	A label was deleted.
resource_label_created	Label	A resource label was created.
resource_label_updated	Label	A resource label was updated.
resource_label_deleted	Label	A resource label was deleted.
label_assignment_created	Label assignment	A label was assigned to a resource.
label_assignment_deleted	Label assignment	A label was removed from a resource.
managed_identity_created	Managed identity	A managed identity was created.
managed_identity_edited	Managed identity	A managed identity was updated.
managed_identity_deleted	Managed identity	A managed identity was deleted.
managed_credentials_created	Managed credentials	Managed credentials were created.
managed_credentials_updated	Managed credentials	Managed credentials were updated.
managed_credentials_deleted	Managed credentials	Managed credentials were deleted.
credits_modified	Credit info	A credit grant was modified.
user_role_created	User role	A role was assigned to a user. Note: this can happen via changes to the user's team (namely, team role changes).
user_role_updated	User role	A user's role was updated. Note: this can happen via changes to the user's team (namely, team role changes).
user_role_deleted	User role	A user's role was removed.
role_created	Role	A custom role was created.
role_updated	Role	A custom role was updated.
role_deleted	Role	A custom role was deleted.
idp_group_created	IdP group	An IdP group was created.
idp_group_updated	IdP group	An IdP group was updated.
idp_group_deleted	IdP group	An IdP group was deleted.

Deprecated audit events

The following legacy event names are deprecated. Use the replacement event when one is available.

Event	Replacement
compute_environment_made_primary	compute_environment_updated
compute_environment_made_non_primary	compute_environment_updated
compute_profile_created	compute_environment_created
compute_profile_updated	compute_environment_updated
compute_profile_deleted	compute_environment_deleted
compute_profile_made_primary	compute_environment_made_primary
compute_profile_made_non_primary	compute_environment_made_non_primary
organization_settings_updated	organization_updated
participant_added	participant_created
participant_removed	participant_deleted
participant_role_update	participant_role_updated
member_added	member_created
member_removed	member_deleted
member_role_update	member_role_updated
team_member_added	team_member_created
team_member_removed	team_member_deleted
data_link_file_delete	data_link_file_deleted
data_studio_session_created	studio_session_created
data_studio_session_deleted	studio_session_deleted
data_studio_session_started	studio_session_started
data_studio_session_stopped	studio_session_stopped
data_studio_session_connected	studio_session_connected
data_studio_session_disconnected	studio_session_disconnected
data_studio_session_build_started	studio_session_build_started
data_studio_session_build_failed	studio_session_build_failed
data_studio_session_build_succeeded	studio_session_build_succeeded
data_studio_session_lifespan_extended	studio_session_lifespan_extended
data_studio_session_ssh_auth_succeeded	studio_session_ssh_auth_succeeded
data_studio_session_ssh_auth_failed	studio_session_ssh_auth_failed
role_grant_association_created
role_grant_association_deleted
action_paused	action_updated
action_unpaused	action_updated
user_trusted	user_updated
user_enabled	user_updated
user_disabled	user_updated
workflow_status_changed	workflow_updated

Pre and post state change capture

When enabled, audit log v2 captures full resource state snapshots or images immediately before and after each change event in JSON format. This provides a complete record of what changed and satisfies regulatory requirements (such as GxP/21 CFR Part 11). Fields that are large or that may contain sensitive values are hashed.

info

State snapshots increase database storage requirements. For a deployment with 2 million audit log records, the snapshots can consume between 3 GB and 40 GB depending on the events and the size and complexity of the tracked resources. Plan your database capacity and retention policy accordingly before enabling this feature.

This feature is enabled once the GxP add-on is attached to your Seqera license. Contact us to obtain the GxP add-on.