Citrix Secure Private Access

Audit logs

Secure Private Access service related events are captured in Citrix Cloud > System log. All the events that an admin performs in the Citrix Secure Private Access service is sent to Citrix Cloud and captured in System log. The admin events can be, but not limited to, the following:

  • Creating or updating an app
  • Deleting an app
  • Configuring or deleting an adaptive access policy
  • Connector upgrade
  • Creation of allowed or blocked websites

By default, System log displays events that occurred in the last 30 days. The most recent events are displayed first.

The logs show details about events and can be filtered by the following:

  • Date and Time: The date and time (UTC format) when the event occurred.
  • Actor: The user or system that triggered the event. For example, administrator, secure client, service principal.
  • Service: The service where the event was logged. The Secure Private Access events must have Secure Private Access as the service.
  • Event: A short description of the event. For example, Created SaaS application, Deleted TCP/UDP application, Updated adaptive access policy, Updated application domain.
  • Target: The object impacted or changed as a result of the event. For example, the domain used for an application.

    The target identifier is in a human-readable format and not the actual ID.

The following figure displays the Secure Private Access events in the System Log.

System Logs

For details such as exporting events, retrieving events for a specific time period, forwarding log events, and data retention, see System Log.

Audit logs