Skip to main content

Manage and View Audit Logs

Learn how to access and view audit logs per camera or organization

Updated over a month ago

Verkada's audit log feature captures user and device activities that occur within the Verkada Command platform. These logs are maintained at 2 levels:

  • Organization level—From the time the org is created

  • Individual camera level—From the time the camera is added

To access events prior to June 15, 2021, see legacy audit logs.

Audit log functions

The audit log tracks system access and ties each action to a user. Examples of types of events that are logged are:

  • User logins

  • User management (add, edit, delete users)

  • Organization, site, and group creation

  • Cameras moved between sites

  • Video footage (live, historical, archives) viewed

  • Verkada Support actions

Events contain specific information, such as:

  • Timestamp of when the action took place

  • IP address of the user or device that performed the action

  • Username, phone number, or device that performed the action

View the organization audit log

Users with Org Admin permissions can access the audit log, as follows:

  1. In Verkada Command, go to All Products > Admin.

  2. In the left navigation, select Security & Access.

  3. Click Audit Log.

  4. Admins can view the audit log on screen and use the search bar to filter for events or click Export to download events as a comma-separated value (CSV) file to create custom reports.

View per-camera audit logs

Users with Site Admin permissions to the camera's site can access the per-camera audit logs, as follows:

  1. In Verkada Command, go to All Products > Cameras.

  2. Select a camera.

  3. To the right of the camera feed, click Settings.

  4. Under General, scroll down to and select Audit Log.

  5. Admins can view the audit log on screen and use the search bar to filter for events or click Export to download events as a comma-separated value (CSV) file to create custom reports.

Export the camera audit log for all cameras

Users with Org Admin permissions can export a single CSV of all the camera audit logs for their organization, as follows:

  1. In Verkada Command, go to All Products > Cameras.

  2. On the left navigation, click Camera Settings.

  3. Scroll down to Export Camera Audit Log, click the dropdown and set the timeframe.

  4. Select Export CSV.

The export is limited to 30 days. To export a wider date range, multiple exports need to be performed.

Export camera list

Users with Org Admin permissions can export a single CSV file of all the camera's information, as follows:

  1. In Verkada Command, go to All Products > Cameras.

  2. On the left navigation, click Camera Settings.

  3. Scroll down to Export Camera List and select Export CSV.
    The CSV file contains information, such as:

    • Name of the camera

    • Site

    • Location

    • Model

    • Serial number

    • Date added to org

    • Device retention

    • Cloud backup retention

    • Firmware status

    • Local IP

    • Media Access Control (MAC) address

    • Status

    • Last online date

The export process can take up to one minute, depending on the number of cameras in the organization and the time range selected.

Understand all audit log events

User logins

  • User attempted login: Displays login success or failure, with reason

  • User attempted logout: Displays logout success or logout failure, with reason

Verkada Support access

When a member of the Verkada Support team is granted access by a customer, the event along with the details (time, access window size, and so on) alongside the actions taken by the Support team member (for example, configuration changes) are logged. Notifications can be set for when these actions are taken.

  • Support Access: A Verkada Support team member was granted access to the organization by an Admin user.

  • Support Access Granted: An Admin created or modified a Verkada Support access window. This event occurs when an Admin creates or modifies the duration in which a Verkada Support team member can access the organization.

User management

  • Export Users CSV: User list was exported from this organization

  • User Added to Organization: User was added

  • User Removed from Organization: User was removed

  • Users Removed from Organization: Multiple users were removed

  • Organization User Provisioned: User added by SCIM

  • Resent invitation for User to join Organization: Invitation was sent to an existing user in the org

  • User Created: New user created within the organization

  • User Invited: New user was invited to the organization

  • User Login: User attempted a login

  • User Logout: User logged out

  • User Email Modified: User's email was changed

  • User Employment Modified: Access user's employee information was changed

  • User Name Modified: User's first and/or last name was changed

  • User Changed Password: User changed their password

  • User Permissions Modified: Permissions were modified for a user

  • User Roles Modified: Permissions, including access role permissions, were modified for a user

  • User Modified RTSP Credentials: User made an Real-Time Streaming Protocol (RTSP) change on a camera

  • User Preference Set: User set or changed preferences

  • Two-Factor Reset: Two-factor authentication was reset

  • SAML Config Created: New Security Assertion Markup Language (SAML) configuration was created

  • SAML Config Deleted: SAML configuration was deleted

  • SAML IDP Initiated: SAML identity provider (IDP) was initiated

  • SAML Config Updated: SAML configuration was updated

  • SCIM Provider Created: New System for Cross-domain Identity Management (SCIM) provider created

  • SCIM Provider Deleted: SCIM provider was deleted

  • SCIM Provider Modified: SCIM provider was modified

  • SCIM Token Regenerated: SCIM token has been regenerated

  • User Group Action Taken: User group has been created, modified, or deleted

  • Users Removed from Organization: User or set of users were removed from the organization

  • Force Logout Requested: Admin force logged out a user

Organization, site, and group actions

  • Organization Modified: Organization renamed in Verkada Command

  • Organization Property Modified: Property or setting of the organization was modified

  • Site Action Taken: Site has been created, modified, or deleted

  • Webhook Toggled: Webhooks were enabled or disabled

  • API Key Modified: API key was created or modified

Device management

  • Devices Installed: User added a new device to Command

  • Devices Uninstalled: User removed a device from Command

  • Device Remotely Accessed: Support accessed this device

  • License Claim Event: License key was added to the organization

  • License Grant Event: Additional licensing was added to the organization by Verkada

  • Override Trial Event: Verkada added more days to this organization's trial

  • Viewing Station Grid Updated: Change was made to a Viewing Station

Camera events

  • Archive Action Taken: User created, modified, or deleted a video archive

  • Camera Config Modified: User modified a camera configuration. See details for which configuration

  • Profile Image Downloaded: User downloaded still image from camera footage

  • Profile Image Uploaded: User uploaded an image into a profile

  • Profile Results Searched By Identity: Profile was used for people search

  • Profile Photo Added: User added a people profile photo

  • Profile Created: User created and named a people profile in Command

  • Profile Deleted: People profile was deleted

  • Profile Viewed: User viewed a profile/person

  • Profile Merged: User merged two profiles/people into a single profile

  • Profile Unmerged: User unmerged a profile

  • Profile Updated: User updated a profile

  • Profile Searched: User searched for a profile/person

  • Profile Searched with Details: User searched for a profile/person with attributes included

  • Profile Details Viewed: User viewed details of a profile/person

  • Profile Searched by Uploading Image: User uploaded an image to perform a search in Command

  • Profile Suggestions Viewed: Suggested profiles/people were viewed by a user

  • Profile Suggestions Updated: Suggested profiles/people were updated

  • Vehicle Searched: A user searched for a vehicle

  • History Viewed: User viewed historical video

  • Live Stream Started: User started a live video stream

  • Embed Link Created: User created a video embed link

  • Live Link Created: User created a shareable link

  • Timelapse Action Taken: User created, modified, deleted, or downloaded a video time lapse

  • Camera Retention Settings Updated: A camera's retention was changed

  • Camera Site Changed: A camera site was modified

  • Helix Event Modified: A helix event change was made through API

  • Video Sharing Agreement Updated: Video sharing policy agreement has been changed.

  • Shared resource created: An archive was shared

Access events

  • Access Alert Modified: Access alert-related change was made

  • Aux Input Modified: AUX input-related changed was made

  • Door Created: New access door was created

  • Door Deleted: Access door was deleted

  • Door Modified: Change was made on an access door

  • Door Moved: Door's settings was moved to another door port

  • Elevator Modified: Elevator-related changed was made

  • Access Group User Added: User was added to an access group

  • Access Group Created: New group was created for access

  • Access Group User Removed: User was removed from an access group

  • Access Level Modified: Access level-related change was made

  • Access Lockdown Modified: Lockdown was modified

  • Access Muster Report Modified: Roll call report was ran

  • Access Muster Template Modified: Roll call template related changed was made

  • Access Device nearby Camera Modified: Door's camera was changed

  • Access Org Badge Template Modified: Badge template-related change was made

  • Access Schedule Created: User created an access schedule

  • Access Schedule Deleted: User deleted an access schedule

  • Access Schedule Modified: User modified an access schedule

  • Access Site Config Modified: Access site-related change was made

  • Access Device Moved: Access controller was moved to a different site

  • Access Method Added: New method (badge, Bluetooth, and so on) of unlocking a door was added to a user

  • Access Method Removed: Method of unlocking a door was removed from a user

  • Access Method Modified: Method of unlocking a door was modified in a user

  • Access Roles Granted: User granted access roles

  • Access Roles Revoked: User revoked access roles

  • Access Users Exported: User exported Access user list

  • Access Org Config Modified: An access organization setting was changed

Alarm events

  • Alarm Settings Modified: An alarm related change was made

Sensor events

  • Sensor Alert Config Modified: Change was made on a sensor alert

  • Sensor Calibration: Sensor calibration-related event was made on the org (calibrating a sensor reading and/or generation of a certificate)

  • Sensor Config Modified: Change was made on an air quality sensor

  • Sensor Dashboard Modified: Change was made on an air quality dashboard

  • Sensor Device Details Modified: Air quality sensor's name, location, and so on was changed

  • Sensor Site Changed: Air quality sensor was moved to another site

Get Audit Logs API

Command audit logs can also be retrieved via the REST API call.

The Get Audit Logs API call returns audit logs for an organization within the time range specified. All audit logs include a timestamp in UTC format, user info, IP address, event info, and device info. See apidocs.verkada.com for more information.

Prefer to see it in action? Check out the video tutorial.

Need more help? Contact Verkada Support.

Related Articles
View Access Control Doors
View Access Controllers in Command
Configure Classic Alarms Site Settings
Legacy Audit Logs
Set Up Smart Tiles on the VX52
Did this answer your question?