The XenServer audit log, which is enabled in XenServer by default, records any operation with side-effects (successful or unsuccessful) performed by a known user. This includes:
The audit logging feature is enabled by default. The audit log can be backed up by using the XenServer syslog command to duplicate the audit log to a safe box. The syslog command is available from the CLI and documented in XenServer Administrator's Guide.
While Citrix strongly recommends that customers concerned with auditing implement Role Based Access Control, the audit log itself does not require that users be assigned RBAC roles nor does it require Active Directory integration.
XenServer logs actions on the pool level, and creates a log for each pool on the pool master.
To display the audit log, you have two choices. You can: