How do I access the audit log?
Master Admin, Compliance Admin, and Audit users have access to the audit log.
The audit log page can be opened by clicking on Audit Log in the left-hand menu.
What does the audit log show?
The following information is included for each event recorded by the audit log:
- User: User who initiated the event
- Area: Type of event
- Event: Event that was initiated
- Event status: Status which indicates whether the event succeeded or failed
- IP address: IP address of the user who initiated the event
- Time: Date and time the event was initiated
What types of events does the audit log track?
The log is categorized by user, account, connector, recovery, compliance, and security events.
- User events track all events related to account sign-ins, tokens, users
- Account events track all events related to the account
- Connector events track changes to connectors
- Recovery events track all browsing activity, restore and download jobs
- Compliance events track RTBF label activity
- Security events track all changes to SSO, MFA, and SIEM integrations
What events does the audit log record?
The audit log records every time a user:
- Creates a secondary token (e.g., signs in or creates an API token)
- Deletes a secondary token (e.g., signs out or deletes an API token)
- Signs out everywhere
- Has failed authentication attempt (e.g., has a failed sign-in attempt)
- Creates or deletes a new user
- Changes username, email, role, password, or expiration date of a user
- Changes company name
- Changes account language
- Changes contact email
- Agrees to updated Terms of Service
- Creates a new connector
- Changes connector name
- Updates a backup configuration
- Changes connector snapshot retention
- Changes the number of API requests (Salesforce connector)
- Changes connector geo location
- Deletes a connector
- Revives a connector
- Adds or removes a user from connector access list
- Generates or downloads a compliance report
- Schedules a backup (a backup is scheduled the first time a user creates a connector - the next backups run automatically and are not recorded in the logs)
- Schedules a restore (includes import)
- Schedules an item restore
- Creates or deletes a shared link
- Adds a password to a shared link
- Downloads a file
- Downloads a folder as a .zip file
- Downloads a folder as a .pst file
- Previews a file
- Views the dashboard page of a connector
- Browses data (i.e., opens folders in a connector)
- Browses a shared folder (an outside user)
- Creates, edits, or deletes a new SSO configuration
- Enables or disables an SSO configuration
- Enables, updates, or disables MFA
- Adds or deletes a SIEM integration
- Assigns or removes an RTBF label
Filtering audit logs
You can enter terms in the filter field to narrow down the audit data.
You can also use the available filter categories by selecting the filter icon. Make your selections and then select Apply filters.
Downloading the audit log
You can download a CSV file of the audit log by selecting the download icon in the toolbar.
If you filter the list before starting the download, the CSV file is also filtered this way.