Audit

 

Actions performed by Domain Adminstrator(s) are recorded in the Audit Log enabling the review of all actions and changes to be performed.

By default 5 columns are shown for each action performed by a Domain Administrator: Timestamp (Date and time of action being performed), Status, Event (Short description of performed action), User (Username) and Data (Before and After state of the action - Click on "Columns" to expand the section).

 

Click "Show More" for a particular action in the Data column to expand the audit log. Data section contains the name and id of the object (setting) being changed as well as the Before and After state, so the action can be reverted.


Click on "Columns" button to display additional columns with more information contained in the audit log. Available columns are:

  • Timestamp
  • Status (possible errors encountered during the execution of audited action will be reported here)
  • Event
  • User
  • IP Address
  • User-Agent
  • Data
  • Data.<field_name> - Dynamically allocated columns based on fields contained in the Data portion of log lines

Note: Data fields are shown when "Show More" is clicked in the Data column.


In the audit log view it is possible to filter the logs returned, if you are interested in a specific event, time frame, user etc. 

Filter can be constructed in two different ways and they can be edited afterwards:

  • Include and Exclude values
  • Add new filter


Include and Exclude desired values

When you hover your mouse cursor over a value in a log line, two buttons are shown next to the value: , clicking the button will create an include filter for the selected value, meaning only the log lines where the field matches the value you included will be shown. Similarly if you click the button you will create and exclude filter, meaning only the log lines where field does not match the selected value will be returned.

Note: Include and Exclude filters work differently when selecting them for the "Timestamp" field. In case of a Timestamps button means After, meaning only the log lines that were created after the selected time stamp will be returned. Similarly button means Before.

Multiple include and exclude filters can be stacked. Only the log lines that satisfy all conditions will be returned.


Add New Filter

Step 1

Click the "Add Filter" button to manually add a new filter.


Step 2

You can create filter for the following fields: Event, Timestamp, Status, IP Address, User-Agent, User. The logical operators you can use are:

  • starts with / not starts with, which create include/exclude filter for the prefix value
    • e.g. "Event starts with user" filter will match: "user created", "user setting changed"... log lines
    • e.g. "Event not starts with user" will match loglines where event doesn't start with "user": "domain setting changed"...
  • before / after / between, which are only applicable with Timestamp field and allow you to define the time range of log lines returned

When you create a filter click "Save" to apply it.


Edit Existing Filter

When you hover your cursor over an existing filter, new icons will appear, allowing you to quickly edit or interact with the existing filer: 

  • Edit - Add/remove prefix strings or edit the existing one.
  • Toggle - Toggle the filter on or off. If you toggle the filter Off, the filter remains saved, but it does not take effect until you toggle it back On.
  • Invert - Invert the filter, Include filter will become Exclude filter and vice versa. In case of Timestamp related filter, the After filter will become Before and vice versa.
  • Remove - Delete the filter.

Was this article helpful?