Executive Summary
Private Cloud Director (PCD) now provides built-in audit logging for core platform services, accessible through the UI and API. Audit logs capture administrative and operational actions across Identity, Compute, and Networking services, giving infrastructure teams a centralized record of who did what, when, and from where. This capability supports compliance workflows, change tracking, and operational troubleshooting across all PCD deployment models, without requiring external log aggregation for basic audit needs.
Background
Tracking administrative actions is a baseline requirement for any enterprise infrastructure platform. Organizations operating under compliance frameworks such as SOC 2, HIPAA, or PCI-DSS need verifiable records of configuration changes, access events, and resource lifecycle operations. Even outside formal compliance mandates, audit trails are essential for root cause analysis, change management, and security investigations.
Administrators familiar with VMware vSphere will recognize this as analogous to the vCenter event and task logging system, which records operations performed through the vSphere Client or API and can be forwarded via syslog for retention. PCD takes a similar approach: core API events are captured, persisted, and made available for review and export directly from the platform.
For organizations evaluating Private Cloud Director as a VMware alternative, built-in audit logging addresses a common due diligence requirement: confirming that the platform provides the same operational visibility their teams rely on today.
Technical Detail
What Gets Logged
PCD audit logging captures API-level events from three core services:
- Identity (Keystone): Authentication events, token operations, user and project management actions.
- Compute (Nova): VM lifecycle operations such as creation, deletion, start, stop, resize, and migration actions.
- Networking (Neutron): Network, subnet, router, port, and security group operations.
Each audit log entry records a consistent set of fields:
| Field | Description |
|---|---|
| timestamp_utc | UTC timestamp of the event |
| region | The PCD region where the event occurred |
| project_id | Tenant/project associated with the action |
| user_id | UUID of the user who performed the action |
| username | Human-readable username |
| action_name | The operation performed (e.g., create, delete, update) |
| resource_type | The type of resource acted upon (e.g., servers, routers, networks) |
| resource_id | UUID of the affected resource |
| action_result | Outcome of the operation (e.g., success) |
| source_ip | IP address from which the action was initiated |
Fields that cannot be populated for a given event display as unknown, and UUID fields that are unavailable are represented as 00000000-0000-0000-0000-000000000000.
Accessing Audit Logs in the UI
Audit log retrieval is available to admin users. To access logs, navigate to Settings (gear icon) and select Audit Logs.
The UI requires four mandatory filters before retrieving results:
- Region – Select the target PCD region.
- Domain – Select the identity domain.
- Tenant – Select the tenant/project scope.
- Service – Choose from Identity, Compute, or Networking.
By default, PCD retrieves logs from the past 24 hours. Enabling the Use Optional Filters toggle allows selection of a custom time range for broader or more targeted queries.
Export Format
Clicking Download Logs exports the current result set as a .ndjson (newline-delimited JSON) file. Each line contains a single JSON object representing one audit event. This format is compatible with common log analysis tools such as jq, Elasticsearch ingest pipelines, Splunk, and Datadog log pipelines.
Example entry:
API Access
Audit logs are also available via a REST API endpoint, restricted to admin users. This enables programmatic retrieval for integration with external SIEM platforms, automated compliance reporting, or custom dashboards. Refer to Platform9 documentation for endpoint details.
Operational Considerations
Admin-only access. Audit log retrieval, both through the UI and the API, is restricted to admin users. Tenant users and self-service users do not have access to audit logs.
Deployment-aware configuration. Audit logging is available in SaaS-managed, self-hosted, and air-gapped PCD environments. For self-hosted deployments, retention, PVC sizing, and storage class are configurable through deployment options prior to installation. Refer to the Audit Logging documentation for configuration details. For SaaS-managed environments, Platform9 manages audit log retention and storage. The UI and API access experience is identical across all deployment models.
Key Takeaways
- PCD audit logging captures administrative and operational events across Identity, Compute, and Networking services, providing a built-in audit trail for compliance and operational visibility.
- Logs are accessible through the PCD UI (Settings > Audit Logs) and via API, both restricted to admin users.
- Export is available in .ndjson format, compatible with standard log analysis and SIEM tooling.
- Audit logging is available across SaaS-managed, self-hosted, and air-gapped deployments, with an identical access experience regardless of operating model.
- For the latest feature updates and known issues, consult the PCD Release Notes and Audit Logging documentation.
