What events and information are logged? 

When a Redgate Monitor user makes changes to high-risk configurations (e.g. changes to user privileges, suspending monitoring of a server or group, pausing alerting etc.), Redgate Monitor will log pertinent information, including: 

• Time 
• Version of Redgate Monitor 
• User 
• Action 
• IP address 
• Permissions 
• Parameters used
  
  

For installations using Active Directory authentication, successful and failed login attempts are also logged.  For OpenID Connect authentication, these are not logged and should be obtained from the OIDC provider instead.

"timestamp":"2025-04-01T00:17:56.8873294Z","version":"14.0.50.11584","user":exampleuser@example.com,"path":"/api/basemonitors/exampleServerName/monitoredservers/suspend","controller":"ManageMonitoredEntitiesApi","action":"SuspendEntity","httpMethod":"POST","statusCode":200,"params":{"request":{"Ids":[{"base":"exampleBaseMonitorID","Name":"exampleServerName"}],"MakeSuspended":true}} 

Disabling the sensitive action logging 

This feature is enabled by default for enterprise license holders. This can be disabled by adding the following to the appsettings.json file for the machine that hosts the website:  

{ 
    "FeatureFlags": { 
       "SensitiveActionLog": false
    } 
} 

Accessing sensitive action log files 

Like other Redgate Monitor log files, Sensitive Action Log files are stored by default in C:\ProgramData\Red Gate\Logs\Redgate Monitor on Windows /var/log/redgate/redgatemonitor on Linux, or the REDGATEMONITOR_LogFilesDirectoryPath path if specified.  

You can configure sensitive action log files to be saved to a different location by setting the environment variable REDGATEMONITOR_SensitiveActionLogFilesDirectoryPath to a path of your choosing. 

Log file retention

As of version 14.0.58 of Redgate Monitor, these files will be retained for up to 30 days.