Some entries in the Audit Log are not consistent when the action is not performed by a specific user.

Steps to reproduce:

1. Create a User Directory and set it "Read Only, with Local Groups";
2. Define some groups in Default Group Memberships;
3. Save and sync the directory;
4. Log into Confluence with a User to be added to the default groups;
5. Check the Audit Log;

Expected results

We see a change "User added to group" made by the user "System", just as any other automatic user change, like a directory sync.

Actual results

The user responsible for the change is "Anonymous". There are also the IP addresses from Confluence host server and from the client machine used to log in.

Notes
If the group doesn't exist when the action above is triggered, we can also see an entry "Group created" changed by the last user that edited the User Directory along with the same IP addresses described above.