Sensitive action logging
Published 18 September 2025
What events and information are logged?
When a Redgate Monitor user makes changes to high-risk configurations (e.g. changes to user privileges, suspending monitoring of a server or group, pausing alerting etc.), Redgate Monitor will log pertinent information, including:
- Time
- Version of Redgate Monitor
- User
- Action
- IP address
- Permissions
- Parameters used
For installations using Active Directory authentication, successful and failed login attempts are also logged. For OpenID Connect authentication, these are not logged and should be obtained from the OIDC provider instead.
Passwords, keys and other private or secret information
Redgate Monitor redacts passwords, keys and other private or sensitive data in the sensitive action log output.
Usernames are not redacted as these are needed for forensic auditing purposes.
Example log entry for suspending monitoring of a server:
"timestamp":"2025-04-01T00:17:56.8873294Z","version":"14.0.50.11584","user":exampleuser@example.com,"path":"/api/basemonitors/exampleServerName/monitoredservers/suspend","controller":"ManageMonitoredEntitiesApi","action":"SuspendEntity","httpMethod":"POST","statusCode":200,"params":{"request":{"Ids":[{"base":"exampleBaseMonitorID","Name":"exampleServerName"}],"MakeSuspended":true}}
Format and action names
The exact format of the log (e.g. action names, parameter names) will be subject to change across versions of Redgate Monitor.
Disabling the sensitive action logging
This feature is enabled by default for enterprise license holders. This can be disabled by adding the following to the appsettings.json file for the machine that hosts the website:
Example appsettings.json content to disable sensitive action logging
{ "FeatureFlags": { "SensitiveActionLog": false } }
Accessing sensitive action log files
Like other Redgate Monitor log files, Sensitive Action Log files are stored by default in C:\ProgramData\Red Gate\Logs\Redgate Monitor on Windows /var/log/redgate/redgatemonitor on Linux, or the REDGATEMONITOR_LogFilesDirectoryPath path if specified.
You can configure sensitive action log files to be saved to a different location by setting the environment variable REDGATEMONITOR_SensitiveActionLogFilesDirectoryPath to a path of your choosing.
Log file retention
As of version 14.0.58 of Redgate Monitor, these files will be retained for up to 30 days.