Cisco
Login
Search
Software Secure Access
Activity Manage

Cisco Secure Access Help Manage Logging Log Formats and Versioning Admin Audit Log Formats Order of Fields in Admin Audit Log V12 Log Format

Last updated: Aug 07, 2025

V12 Log Format

The CSV fields in the header row of the Admin Audit log.

id,timestamp,email,user,type,action,logged in from,before,after

The description of each field and the log version in which each field was released, from Version 4 up to Version 12. For more information about log versions, see Find Your Log Schema Version.

Field name Description Release version
id A unique identifier of the audit event. v4
timestamp The date and time of the administrative change event, expressed as a UTC-formatted string (e.g., 2024-01-16 17:48:41). Note: Unlike the Secure Access dashboard and reports, Secure Access logs do not convert the timestamp to your local timezone. v4
email The email of the user that triggered the event. v4
user The account name of the user who created the change. v4
type Where the change was made, such as settings or a policy. v4
action The type of change made, such as Create, update, or Delete. v4
logged in from The user's IP source. v4
before The policy or setting before the change was made. v4
after The policy or setting after the change was made. v4
Previous topic Optional V12 Log Header Format Next topic Cloud Firewall Log Formats