In PassMan, all relevant activities can be tracked down, what happened, when and by whom. There are 2 types of logging:

System log

System log entries are written by the PassMan virtual machine, like the standard syslog. Logntries have a loose structure:

{system time} {passman node} {service}: {log message}

Audit log

Audit log entries are triggered by activities of Padmin and PassMan users. These entries have a stricter structure:

{system time} {passman node} {service}: {process name}(process id): {parameters in key = value format }

The most relevant parameter keys are:

id of the log entry
if the activity belongs to an activity group (like import, multiple delete, target restore), then activity_group shows the id of the group
type of the action
start_timestamp is unix epoch time (the number of seconds since 1st January 1970)
user_upn is the univeral principal name of the user who committed the action in format username@domain. Automatic tasks have the user 'auto@internal'.
user_address is IP address or server name of the user. Automatic tasks have 'localhost' as user address.
business_result shows whether the action succeeded or failed.
entity_type, entity_name and entity tell what entity the action applies to, account, target or group.
entity_parent_name, entity_path makes it easier to find the entity in the tree (shown left on the PassMan UI). In case of private folders, the path looks like this: 'admin@local private/192.168.208.28/ad'
details give additional information depending on the type of activity
failure, failure_code and failure_details are filled if the activity failed

Activity details

category	type	details	description
session	session_log	user: user attempting to log in user_address: IP address of user token_issued_at: when auth token was given to user token_expiry_time: when will auth token expire failure, failure_code logout_time: when the user explicitely logged out on the UI	PassMan session has started / finished.
job / account	CreateAccount	target: id of target parameters of account	Create new account for given target.
job / account	UpdateAccount	account: id of account parameters of account	Change the parameters of the account, like name, description etc. Credential changes are done by UpdateCredentials.
job / account	DeleteAccount	account: id of account	Delete given account.
job / account	CheckCredentials	account: id of account	Check the correctness of the credentials by logging into the target in the background.
job / account	DeleteCredentials	account: id of account credential_types: password and/or ssh key	Delete given credentials of an account.
job / account	CheckoutCredentials	account: id of account credential_type: password or ssh key exclusive_duration: time the account can't be checked out by others	Show the given credential to the user, who can use it to access the account manually. If exclusive duration is given, PassMan ensures that other users won't show the credentials of this account.
job / account	CheckinCredentials	account: id of account	If the credentials are checked out exclusively, this activity will 'give them back', allowing other user to check them out. If the exclusive duration of the checkout is up, this job will run automatically.
job / account	LoginCheckoutCredentials	account: id of account credential_type: password or ssh key exclusive_duration: time the account can't be checked out by others user agent: passman agent initiating the action	Similar to CheckoutCredentials, but the credentials are used to log into the account, without showing them to the user. This functionality needs a passman agent, which handles the automatic login.
job / account	UpdateCredentials	account: id of account credentials: password and/or ssh key to change, values not shown in log	Change the credentials of an account. The changes are not reflected on the target, only in PassMan.
job / account	ResetCredentials	account: id of account credentials: password and/or ssh key to change, values not shown in log	Change the credentials of an account. Unlike UpdateCredentials, it changes them on the target system as well, therefore if the target is unreachable, or none of the current credentials are in sync, then this will fail.
job / account	ResetElevatedCredentials	target: id of target accounts: ids of accounts of target computers: name of windows servers where the service passwords will be changed	Change credentials of multiple accounts of given target using a service account. It can also change the passwords of windows services running on other computers.
job / target	CreateTarget	parent: id of group (folder) to create it in target parameters	Create target.
job / target	UpdateTarget	target: id of target target parameters	Change target parameters
job / target	DeleteTarget	target: id of target	Delete given target.
job / target	MoveTarget	target: id of target destination group: id of group to move it to	Move the target to a different group (folder). Permission to delete it from current group and to create it in the destination group are required to succeed.
job / target	RestoreAccounts	timestamp: time the accounts should be restored to account: id of account target: id of target	Target recovery restores the accounts to a previous state. This is useful if the target device was restored to a backup, and PassMan needs to be synchronized to this earlier state.
job / folder	CreateGroup	name: name of group parent: id of the group to create it in	Create group (folder).
job / folder	UpdateGroup	group: id of group name: new name of group description: new description of group	Change group (folder) name and/or description.
job / folder	DeleteGroup	group: id of group	Delete group (folder)
job / folder	MoveGroup	group: id of group parent id of group to move it to	Move given group (folder) to another parent group.
job / vault	OpenVault	key: vault username	Opens the vault, making sensitive data in the database accessible. Only users having a vault username and password can do that. If the vault is closed most jobs will fail.
job / vault	AddVaultKey	key: vault username	Add new vault user, which is independent from the login username and password. A user able to open the vault does not necessarily have to have login details to PassMan.
job / vault	DeleteVaultKey	key: vault username	Delete vault user.
job / policy	UpdateCredentialPolicy	credential_type: password or ssh key policy: requirements for the credential group: id of group target: id of target account: id of account	Change the policy the credentials have to be conform to.
job / policy	UpdateACL	acl: access control list (list of rules) group: id of group target: id of target account: id of account	Edit the ACL, which controls the permissions of the given entity.
user man	AddUser	username user parameters	Add new local user to access PassMan.
user man	UpdateUser	username user parameters	Change local user parameters.
user man	DeleteUser	username	Delete given local user.
user man	ChangePassword	username	Change password of given local user.
user man	AddLocalGroup	name	Add local user group.
user man	DeleteLocalGroup	name	Delete local user group.
user man	UpdateLocalGroup	name	Change name of local group.
user man	ForgotPassword	name error_message	Send email to given user about forgotten password.
padmin / certificate	PadminGenerateSelfSignedCert	domain country state company city admin_email	To have a secure comminication via https a certificate is needed. If the site does not have a properly signed certificate, a self-signed one can be generated.
padmin / certificate	PadminUploadCert	-	Upload certificate dedicated to the site running PassMan.
padmin / maintenance	PadminPassmanStart	-	Start PassMan, if it is stopped. After every start, the vault admin needs to open the vault for users to have access to sensitive data.
padmin / maintenance	PadminPassmanStop	-	Stop PassMan, if it is not stopped.
padmin / maintenance	PadminPassmanRestart	-	Stop PassMan and then start it again. Some activities need PassMan restarted to let the changes take effect.
padmin / maintenance	PadminPadminRestart	-	Restart Padmin service on virtual machine.
padmin / maintenance	PadminShutdown	-	Shut down the virtual machine. It won't be accessible from Padmin anymore.
padmin / maintenance	PadminShutdownCluster	-	Shut down all nodes of the cluster.
padmin / maintenance	PadminReboot	-	Reboot the virtual machine. It might take a few minutes, during that time it is not accessible from Padmin.
padmin / maintenance	PadminRebootCluster	-	Reboot all nodes of the cluster.
padmin / maintenance	PadminUpdateDatabaseIndexes	-	Update the database indexes of the PassManDatabase. It might be necessary after database restore activity.
padmin / update	PadminUpdatePassmanFile	upload_file	Update PassMan by uploading an update file. After that, restarting is necessary.
padmin / update	PadminUpdateFile	upload_file	Update Padmin by uploading an update file. After that restarting is necessary.
padmin / update	PadminOsUpdate	upload_file	Update the operating system of the virtual machine. Afterwards, reboot is necessary. In cluster mode, it can update only one node, so the update process needs to be run three times on each node.
padmin / data	PadminDatabaseBackup	filename_postfix	Backup PassMan database. Backups are stored on the virtual machine.
padmin / data	PadminDatabaseRestore	filename	Restore Passman database. It's a long process and might take sevaral minutes to finish. After that, PassMan needs to be restarted.
padmin / data	PadminDatabaseExport	filename	Export database backup file by downloading it by the browser. Export files are encrypted.
padmin / data	PadminDatabaseImport	db_dump_file	Import previously exported database backup file. Importing does not restore it automatically, just copies it to the virtual machine.
padmin / data	PadminDeleteBackup	filename	Delete backup file from virtual machine. Old backups are not deleted automatically.
padmin / data	PadminAutoBackup	-	Set daily automatic backup parameters. If export destination is set, then backup files are encrypted (just like in case of export), copied to the given destination and removed from the virtual machine.
padmin / system settings	PadminNetwork	network parameters	Change the network settings of the virtual machine, like IP address, gateway, dns, search domains, static routes. If the changes make the virtual machine unaccessible via http, then having it rescued via Padmin is not possible.
padmin / system settings	PadminLicense	-	Change the PassMan license.
padmin / system settings	PadminAutoJobs	changed parameters	Following automatic jobs can be configured to run daily at a specific time: CheckCredentials for each account ResetCredential before expiring for each account Email about expiring accounts Check AD services and domain members which run services to PassMan
padmin / system settings	PadminAuthentication	-	Configure authentication methods to PassMan. Restarting Passman is necessary to have the changes take effect.
padmin / system settings	PadminEmail	parameters	Configure the email settings.
padmin / system settings	PadminSecurity	changed parameters	Automatic ACL rule update for parent groups to ensure the user can view the entity he / she was given access to.
padmin / system settings	PadminTime	changed parameters	Configure time zone and ntp servers.
padmin / system settings	PadminSyslogServer	parameters	Configure syslog server to send system and audit log.
padmin / system settings	PadminZabbix	parameters	Configure zabbix monitoring software.
padmin / system settings	PadminDebugMode	changed parameters	Enable / disable debug mode to have more detailed system log. It does not affect the audit log.
padmin / system settings	PadminSwap	changed parameters	Increase the size of the swap file. It can't be decreased.
padmin / system settings	PadminPmsl	changed parameters	Configure how the PMSL (PassMan Secure Login tool) will be used to login to targets directly from the PassMan UI.
padmin / system settings	PadminRemoteLogin	changed parameters	Enable / disable ssh access to the virtual machine.
padmin / system settings	PadminConfigExport	-	Export all Padmin settings to an encrypted file, and let it download.
padmin / system settings	PadminConfigImport	conf_file	Import all Padmin settings from a previously exported file.