Question: We had a couple of situations there Seq server settings (such as disable authentication, add keys etc.) are changed.

How can I see the audit log of the Seq server so that I can see who changed authentication settings etc.?

Answer: On the Seq server, you should find some log files in a directory like 

C:ProgramDataSeqLogs.

The log files are in JSON format; searching through them as text might be sufficient to track the information down, but if not, you can also use 

seqcli ingest --json -i

 to ingest the log data into another Seq instance for analysis.

Note that only the most recent 30 days logs are retained.