Alta Help Center

System Logs and Audit Trail

Matt Baer

What are System Logs?

System logs (not to be confused with syslog) are messages shared by the software on the system to provide additional information about that software's operation. Practically all programs attempt to record logs of their activity to make the details of the work they are doing available for administrators to review. This enables you to better understand why you may be experiencing a particular issue and work to resolve it, or just to confirm that something is running the way you expect.

Viewing System Logs

By default, Logging is enabled and active. It cannot actually be disabled, so you should always have access to logs from connected & online devices. To locate the logs, click the alerts button with the bell icon from any tab in the management platform, then use the Logs button below the navigation header.


Sharing logs

With the purple download button next to the search bar, you can download a copy of the logs resulting from your filter. This can be easily shared with our support team by emailing it to support@alta.inc or using this link. You may also want to download these for your own records, or to send to your colleagues and coworkers for extra analysis.

Searching the logs

Important Note: If you supply nothing in the search bar and click the magnifying glass (or press enter while the cursor is in the search bar), all logs from all devices will start streaming in. We do not do this by default, to avoid streaming excessive amounts of data.

Across the top of the logs window you will see a search bar, a download button, a Regex toggle switch, and finally the two window controls on the far right to expand the window or close it entirely.

The window will be empty by default until you input a search. Try some simple terms such as err, warn, hostapd & mwan3 in order to see the effect. Once a search term is added, log lines matching the filter will continue to populate the window in real-time as they are generated by system activity. For more advanced filtering, toggle on Regex and continue reading for more information.

Using RegEx for Advanced Log Filtering

Regular Expressions (RegEx) take this further by enabling advanced pattern-based searches that can match complex variations, formats, and structures in text.

Regular Expressions, often abbreviated as RegEx, are sequences of characters that define a search pattern. They’re widely used in programming, text processing, and data validation to find, match, and manipulate text with precision. At a high level, RegEx lets you describe not just the exact text you want, but also patterns such as “any number,” “any letter,” or “a word starting with A and ending with Z.” For example, the pattern \d{3}-\d{2}-\d{4} can match U.S. Social Security numbers in the format 123-45-6789, while ^Hello will match any line beginning with the word “Hello.”

In practice, RegEx can help with tasks like extracting dates from logs, finding WiFi associations, or tracking down a MAC address or a partial MAC address using the OUI (Organizationally Unique Identifier). While it can look intimidating at first, many tools exist to help you build and test expressions visually, making it easier for beginners to learn the syntax and see matches in real time. For your convenience, we’ve included three tools at the bottom of this article.

Please note that system logs are in UTC time so any date and/or time based searches should be performed in UTC time. However, the times displayed in the results field are converted to your local system time.

In the above example, the intent was to look for all WiFi associations and disassociations. The pattern uses . together with a run of letters that appears in both “associated” and “disassociated”, so it will match any word that contains “associat”. Also note that the Regex toggle is set to on. The output shows all log entries where a device either associated or disassociated with any AP on this network.

Also note that the log will update in near real time with the filter applied.

Examples

  • ^Aug  2 15: - Everything on August 2 at the 1500 / 3pm hour (note the two spaces and ^)
  • MyDeviceName   - Search from a specific Alta device (note the space before and after; this could be non-regex too)
  • 00:11:22:33:44:55 - Simple MAC address
  • 00:11:22:..:..:.. - Everything from a specific manufacturer OUI

A more complex example:
\b([0-9a-f]{2}:){5}[0-9a-f]{2}\b

\b - word boundary to avoid partial matches in longer strings.

([0-9a-f]{2}:){5} - 2 lowercase hex chars + colon, repeated 5 times.

[0-9a-f]{2} - final 2 lowercase hex chars (no colon).
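The patterns above can also be run offline against a downloaded copy of the logs. The following is an added example, not Alta's own code: the sample lines are constructed, the log line layout is an assumption, and ASSOC_RE is an assumed pattern that fits the "associat" description. It also shows that the lowercase-only MAC pattern skips a MAC written in uppercase unless matching is made case-insensitive.

```python
import re
from collections import Counter

# Patterns from the article. ASSOC_RE is an assumed pattern that fits its
# description ("any word that contains associat").
MAC_RE = r"\b([0-9a-f]{2}:){5}[0-9a-f]{2}\b"
HOUR_RE = r"^Aug  2 15:"   # two spaces: single-digit days are space-padded
ASSOC_RE = r"\w*associat\w*"

# Constructed sample lines; the layout of a real downloaded log is assumed.
SAMPLE_LOG = """\
Aug  2 15:01:10 MyDeviceName hostapd: wlan0: STA 00:11:22:33:44:55 IEEE 802.11: associated
Aug  2 15:07:42 MyDeviceName hostapd: wlan0: STA 00:11:22:aa:bb:cc IEEE 802.11: disassociated
Aug  2 16:00:03 MyDeviceName hostapd: wlan0: STA 66:77:88:99:aa:bb IEEE 802.11: associated
Aug 12 15:20:00 OtherDevice mwan3: interface wan is online
Aug  2 15:30:00 OtherDevice hostapd: wlan1: STA 00:11:22:AA:BB:CC IEEE 802.11: associated
"""

def wifi_events(log, hour=HOUR_RE, ignore_case=False):
    """Return (mac, event) pairs for association events in the given UTC hour."""
    flags = re.IGNORECASE if ignore_case else 0
    events = []
    for line in log.splitlines():
        if not re.search(hour, line):
            continue  # "Aug 12 15:" is rejected here: no second space
        event = re.search(ASSOC_RE, line)
        # MAC_RE has a capture group, so take the whole match, not findall().
        mac = re.search(MAC_RE, line, flags)
        if event and mac:
            events.append((mac.group(0).lower(), event.group(0)))
    return events

def count_by_oui(events):
    """Count events per manufacturer prefix (first three octets)."""
    return Counter(mac[:8] for mac, _ in events)

if __name__ == "__main__":
    strict = wifi_events(SAMPLE_LOG)
    relaxed = wifi_events(SAMPLE_LOG, ignore_case=True)
    print("lowercase-only pattern:", strict)
    print("case-insensitive:", relaxed)
    print("events per OUI:", dict(count_by_oui(relaxed)))
```
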

Beginner-friendly RegEx tools

  • Regex101 – Live matching, detailed explanation of each pattern.
  • RegExr – Interactive builder with community patterns and instant feedback.
  • Debuggex – Visual diagram representation of RegEx patterns.

Quick Reference – Common RegEx Tokens

Token    Meaning                                           Example match
.        Any single character (except newline)             c.t matches cat, cot, cut
\d       Any digit (0–9)                                   \d\d matches 42, 99
\w       Any word character (letter, number, underscore)   \w+ matches hello, A1_test
\s       Any whitespace (space, tab, newline)              \s matches a space
^        Start of a line/string                            ^Hi matches Hi there but not Oh Hi
$        End of a line/string                              end$ matches the end
*        Zero or more of the preceding element             lo* matches l, lo, loo
+        One or more of the preceding element              lo+ matches lo, loo but not l
?        Zero or one of the preceding element              colou?r matches color or colour
{n}      Exactly n repetitions                             \d{4} matches 2024
{n,m}    Between n and m repetitions                       \d{2,4} matches 20, 202, 2024
[...]    Any one character from the set                    [aeiou] matches a, e, i, o, u
[^...]   Any one character not in the set                  [^0-9] matches any non-digit
|        OR: matches either pattern
(...)    Groups patterns together                          (ab)+ matches ab, abab

 

Audit Trail

Audit Trail records which user performed each configuration change, providing a traceable history of actions taken on the platform.

Site-wide Audit Trail

The full audit trail for the selected site is available under Events (notification bell) → Audit Trail. This view shows all recorded configuration actions across the site, including but not limited to changes to networks, WANs, firewall rules, IPS, VLANs, and user management.


Per-SSID Audit Trail

SSID-specific audit data can be accessed within Settings → WiFi, by selecting the SSID and opening its Audit Trail panel. This view shows changes scoped only to that SSID (e.g., SSID name changes, security settings, VLAN/IGMP adjustments).


Note: Audit Logs do not update live. To see more recent log entries, close the Audit Log window within the browser and re-open it.
