I’ve spent hours trying to figure out why the Security Audit Log in the Admin console is failing to capture agent login events for the last 48 hours, despite the Global Settings showing ‘Audit Log Retention’ set to 1 year. The system health dashboard indicates no errors, yet the compliance export is incomplete.
Thanks for the help.
This is actually a known issue…
{
"audit_log_level": "VERBOSE",
"include_agent_events": true
}
Check if the verbose flag was toggled off during the last config update.
Have you tried verifying the audit log configuration via the Admin API? The console settings might not reflect the actual backend state. Run a GET request to confirm include_agent_events is enabled.
GET /api/v2/admin/audit-logs/settings
This often reveals discrepancies between the UI and the active configuration.
Have you tried checking the WFM schedule publication logs? Sometimes bulk publishing triggers a temporary audit suppression if the service account lacks specific permissions.
It’s a common gotcha when automating weekly schedules. Verify the OAuth scope on the service account handles the login events correctly.