Question: We had a couple of situations there Seq server settings (such as disable authentication, add keys etc.) are changed.
How can I see the audit log of the Seq server so that I can see who changed authentication settings etc.?
Answer: On the Seq server, you should find some log files in a directory like
C:ProgramDataSeqLogs.
The log files are in JSON format; searching through them as text might be sufficient to track the information down, but if not, you can also use
seqcli ingest --json -i
to ingest the log data into another Seq instance for analysis.
Note that only the most recent 30 days logs are retained.