Go to Verkada
All Collections
Verkada Command
Organization Wide Settings
Accessing Audit Logs

Accessing Audit Logs

Access and view audit logs per camera or organization to keep track of what's happening in your organization
Eden Taitt avatar
Written by Eden Taitt
Updated this week

Verkada logs user and device activities that occur within the Command platform. These logs are maintained at the organization level and at the per-camera level.

Note: If you are looking to access events prior to June 15, 2021, reference the ‘Legacy’ section of this document.

Verkada Audit Log Overview

Our Audit Log tracks system access and ties each action to a user. Examples of types of events that are logged are:

  • User logins

  • User management (add, edit, delete users)

  • Organization, site and group creation

  • Cameras moved between sites

  • Video footage (live, historical, archives) viewed

  • Verkada Support actions

Events will contain specific information like:

  • Timestamp of when the action took place

  • IP address of the user or device that performed the action

  • Username, phone number, or device that performed the action

Accessing the Org Audit Log

Users with Org Admin permissions can access the Audit Log by following the steps below:

  1. Navigate to the Admin tab

  2. Select Privacy & Security

  3. Click Audit Log

Audit Log Events

The following events are logged in the audit log. Each event will contain additional information (e.g. User Login -> Success/Fail) to provide more context.

User logins

  • User attempted login: Displays login success or failure, with reason.

  • User attempted logout: Displays logout success or logout fail, with reason.

Verkada Support access

When a member of the Verkada Support team is granted access by a customer, the event along with the details (time, access window size, etc.) alongside the actions taken by the Support team member (e.g. changes configurations) are logged. Notifications can be set when this action is taken.

  • Support Access: A Verkada Support team member was granted access to the organization by an admin user.

  • Support Access Granted: An admin created or modified a Verkada Support access window. This event occurs when an admin creates or modifies the duration in which a Verkada Support Team member can access the organization.

User management

  • User Created: New user created within the organization

  • User Invited: A new user was invited to the organization

  • User Login: A user attempted a login

  • User Logout: A user logged out

  • User Changed Password: A user changed their password

  • User Permissions Modified: Permissions were modified for a user

  • User Preference Set: User set or changed preferences

  • Two-factor Reset: Two-factor authentication was reset

  • SAML Config Created: New SAML configuration was created

  • SAML Config Deleted: SAML configuration was deleted

  • SAML IDP Initiated: SAML IDP was initiated

  • SAML Config Updated: SAML configuration was updated

  • SCIM Provider Created: New SCIM provider created

  • SCIM Provider Deleted: SCIM provider was deleted

  • SCIM Provider Modified: SCIM provider was modified

  • SCIM Token Regenerated: SCIM token has been regenerated

  • User Group Action Taken: A user group has been created, modified, or deleted

  • Users Removed from Organization: A user or set of users were removed from the organization

  • Force Logout Requested: An admin force logged out a user

Organization, Site and Group actions

  • Organization Modified: Organization renamed in Command

  • Organization Property Modified: A property or setting of the organization was modified

  • Site Action Taken: A site has been created, modified, or deleted

  • Camera Site Changed: A camera site was modified

  • Webhook Toggled: Webhooks were enabled or disabled

  • API Key Modified: An API key was either created or modified

User actions

  • Devices Installed: User added a new device to Command

  • Devices Uninstalled: User removed a device from Command

  • Camera Config Modified: User modified a camera configuration. See details for which configuration

  • Profile Image Downloaded: User downloaded still image from camera footage

  • Profile Image Uploaded: User uploaded an image

  • Profile Photo Added: User added a profile photo

  • Profile Created: User created and named a person in Command

  • Profile Details Viewed: User viewed details of a profile/person

  • Profile Viewed: User viewed a profile/person

  • Profile Merged: User merged two profiles/people into a single profile

  • Profile Searched by Uploading Image: A user uploaded an image to perform a search in Command

  • Profile Suggestions Viewed: Suggested profiles/people were viewed by a user

  • Profile Suggestions Updated: Suggested profiles/people were updated

  • Profile Unmerged: User unmerged a profile

  • Profile Updated: User updated a profile

  • Profile Searched: User searched for a profile/person

  • Profile Searched with Details: User searched for a profile/person with details

  • Vehicle Searched: A user searched for a vehicle

Camera viewing actions

  • Live Stream Started: User started a live video stream

  • History Viewed: User viewed historical video

  • Archive Action Taken: User created, modified, or deleted a video archive

  • Embed Link Created: User created a video embed link

  • Live Link Created: User created a share

  • Timelapse Action Taken: User created, modified, deleted or downloaded a video timelapse

Access events

  • ACU Commissioned: Access Control unit added to Command

  • ACU Decommissioned: Access Control unit removed from Command

  • Door Created: A new Access door was created

  • Door Deleted: An Access door was deleted

  • Access Group Created: A new group was created for Access

  • Access Group User Added: A user was added to an Access group

  • Access Group User Removed: A user was removed from an Access group

  • Access Lockdown Created: A lockdown was initiated

  • Access Lockdown Modified: A lockdown was modified

  • Access Lockdown Deleted: A lockdown has been deleted/removed

  • Access Schedule Created: User created an Access schedule

  • Access Schedule Modified: User modified an Access schedule

  • Access Schedule Deleted: User deleted an Access schedule

  • Access Method Added: User was granted a new Access method

  • Access Method Removed: Access method removed

  • Access Method Modified: Access method modified

  • Access Roles Granted: User granted Access roles

  • Access Roles Revoked: User revoked Access roles

  • Access Users Exported: User exported Access user list

Legacy Camera Audit Logs

To ensure Verkada admins are able to access historical events and logs prior to June 15 2021, the legacy logs will still be accessible and the data can be exported.

It’s highly recommended that the historical logs are exported in case the log data is needed for future reference. Logs can be exported by navigating to the Organization Audit Log Legacy View (See below) or via the Export Camera Audit Logs functionality (see below).

Events Only in Legacy Audit Log

Below are the events that can only be accessed in the Legacy audit logs.

  • Camera initialized: Camera is connected for the first time

  • Connectivity change: Camera lost connection or regained connection to the Internet

  • Motion detection: Camera detected motion in the region of interest

  • Camera rebooted: Camera rebooted (non-user initiated)

  • Tampering detected: Camera detected a tampering event

  • Firmware upgrade: Camera upgraded its firmware

  • Occlusion: Camera was occluded

  • Live video shared: User created a share

  • Live video viewed: Live stream viewed from share

  • Live video viewed: User viewed a live stream

  • Live video requested: User initialized a live stream

Legacy Organization Audit Log

Organization Audit Logs track system access and tie each action to a user. The following actions can be monitored in the Organization Audit Logs:

Accessing Organization Audit Logs

Users with Org Admin permissions can access Organization Audit Logs by following the steps below:

  1. Navigate to the Admin tab

  2. Select Privacy & Security

  3. Click Audit Log

Legacy Organization Audit Log Events

This section explores different events tracked in the Organization Audit Log. Each event contains the following information:

  • Timestamp of when the action took place (displayed in your local timezone)

  • IP address of the user who performed the action

  • Username of user who performed the action

  • Email address of the user who performed the action

  • Action taken

User logins

  • User attempted login: Displays login success or failure, with reason.

  • User attempted logout: Displays logout success or logout fail, with reason.

User management

  • User created: New user created within the Organization

  • User added: New user created within the Organization

  • User removed from organization: User removed by an Organization Admin

  • User invited: User invited by an Organization Admin

  • User invitation resent: User invitation resent by Organization Admin

  • Grant user permission: Organization Admin granted a user permission to access a camera Group

  • Revoke user permission: Organization Admin revoked a user permission to access a camera group

  • User permissions change: Organization Admin changed a user's permissions, such as by making the user a Site Viewer

  • Organization audit log accessed: Audit log was accessed by a user

Organization, Site and Group creation

  • Organization created: New Organization created in Command

  • Organization deleted: Organization deleted in Command

  • Organization modified: Organization renamed in Command

  • Camera group created: Site or Nested Site created by Organization Admin

  • Camera group renamed: Site or Nested Site renamed by Organization Admin

  • Camera group deleted: Site or Nested Site deleted by Organization Admin

Camera moves

  • Added camera to group: User added a camera to a group in the Organization

  • Removed camera from group: User removed a camera from a group in the Organization

Legacy Per Camera Audit Logs

Per Camera Audit Logs track user actions and events related to individual cameras. The following events can be monitored in the Per Camera Audit Logs:

  • User actions

  • Camera events

Accessing Per Camera Audit Logs

Users with Site Admin permissions to the site or group where the camera resides can access Per Camera Audit Logs by following the steps below:

  1. Select a camera

  2. Navigate to Info → Settings → Audit Log

  3. Admins can view the Audit Log on screen or download as CSV to create custom reports.

Legacy Per Camera Audit Log Events

This section explores different events tracked in the Per Camera Audit Log. Each event contains the following information:

  • Timestamp of when the action took place

  • IP address of the user or device that performed the action

  • Username, phone number, or device that performed the action

  • Action taken

User actions

  • Archive downloaded: User downloaded an archive

  • Camera audit log accessed: User accessed the audit log

  • Fisheye mode changed: User changed mode to Panoramic or 4-way split

  • Camera name changed: User renamed camera

  • Camera rebooted: User rebooted camera

  • Rotation changed: User changed camera orientation

  • Codec changed: User changed codec (Verkada Support only)

  • Focus changed: User adjusted focus

  • Privacy mode changed: User changed Privacy to High or Extreme (Verkada Engineering only)

  • Footage archived: User archived footage

  • Timelapse requested: User accessed a timelapse

  • Archived video deleted: User deleted an archive

  • Footage archived: User created an archive

  • Video archiving stopped: Archive completed

  • Video history viewed: User viewed history

  • Video history request: User accessed historical footage

  • Shared history video requested: Historical footage accessed from a share

  • Shared history video watched: Historical footage viewed from a share

  • Live video shared: User created a share

  • Live video viewed: Live stream viewed from share

  • Live video viewed: User viewed a live stream

  • Live video requested: User initialized a live stream

Camera events

  • Camera initialized: Camera is connected for the first time

  • Connectivity change: Camera lost connection or regained connection to the Internet

  • Motion detection: Camera detected motion in the region of interest

  • Camera rebooted: Camera rebooted (non-user initiated)

  • Camera config changed: Camara configuration changed

  • Tampering detected: Camera detected a tampering event

  • Firmware upgrade: Camera upgraded its firmware

  • Occlusion: Camera was occluded

Exporting the Camera Audit Log for All Cameras

Organization admins are able to export a single csv of all the camera audit logs for their organization.

  1. Navigate to Admin → Cameras → Export Camera Audit Log

  2. Select a relative date range or select 'Custom' to define a date range of logs to export

  3. Select 'Export CSV'

The export is limited to 30 days. To export a wider date range, multiple exports need to be performed.

Exporting Camera list

Organization admins are able to export a single csv file of all the camera info that includes

  • Name of the camera

  • Site

  • Location

  • Model

  • Serial number

  • Date added to Org

  • Device retention

  • Cloud backup retention

  • Firmware status

  • Local IP

  • MAC

  • Status

  • Last online date

  1. Navigate to Admin page

  2. Select Cameras

  3. Click Export Camera List

NOTE: The export process can take up to one minute depending on the number of cameras in the organization and the time range selected.

Did this answer your question?