# Audit Trail {% hint style="info" %} A license is required to use the DNAnexus Audit Trail feature. [Contact DNAnexus Sales](mailto:sales@dnanexus.com) for more information. {% endhint %} The DNAnexus Audit Trail feature fulfills the 21 CFR Part 11 requirement for human-readable audit trails for electronic records. The Audit Trail feature provides a human and machine-readable daily log of all activities (login, upload/download, run analysis, sharing, and other activities) related to all the users and all the projects of the organization. ## Enable Audit Trail As an organization admin: * Create a new project for storing audit log files * [Send a request to DNAnexus Support](mailto:support@dnanexus.com) or a point of contact at DNAnexus, with the organization name and project ID, to enable the feature Once activated, a comma-delimited text file of the audit log is deposited daily in a chosen project. Until the feature is activated, no data is tracked. The organization administrator can later provide other members of their organization with access to this project. These audit log files can be downloaded for further analysis. {% hint style="info" %} DNAnexus is **not** able to access these files or restore them if deleted. It is therefore recommended to [disallow deletion](/getting-started/key-concepts/projects.md#project-access-levels) from this project to prevent this. {% endhint %} {% hint style="info" %} Audit trails cannot be turned off except by [sending a request and rationale to DNAnexus Support](mailto:support@dnanexus.com). Only administrators can send requests. {% endhint %} ## Audit Trail File Format * **Timestamp** - Date in ISO format, such as 2018-03-14T00:00:00Z (UTC timezone), of the action * **IP Address**- IP Address of the user * **User Agent** - The [HTTP User Agent](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/User-Agent) string * **Acting User ID** - Id of the user who made the API call * **Action** - Action for the API call, such as project-describe or file-close. * **Object ID** - The object's ID, for example, project-xxxx if a project was described * **Object Name** - Name of the object * **Project ID** - The ID of the project related to the object. Blank if an object, such as `globalworkflow`, is not related to a project * **Project Name** - Name of the project * **Success Status** - "Yes" if the API call succeeded, "No", otherwise * **Info** - Input to the API call. A JSON string * **Label**: The name of the user's authentication token * **Auth Token**: The last 4 letters of the user's authentication token An example of a Project with Audit Logs is shown below: ![Audit log example](/files/zoQWJAhxCEkGTN0I49nQ) ![Example of a Project with Audit Logs](/files/-MHrIxZmQ-uvzFXNR7Lo) If the org covers multiple regions, such as AWS-East and AWS-Frankfurt, the log files covering all activities in the org are placed in a project which is the default region of the org. To determine the specific region where the audit activity occurred, map the IP address to a geographic address. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://documentation.dnanexus.com/admin/audit-trail.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.