Admin Audit Log Formats

Admin Audit logs show changes made by your administrative team in your organization's Umbrella settings.

Table of Contents


"","2021-07-22 10:46:45","[email protected]","", "logexportconfigurations", "update","","version: 4","version: 5"

The example entry is 126 bytes. To estimate the size of your S3 Logs, see Estimate the Size of Your Logs.

Order of Fields in the Admin Audit Log

<id><timestamp><email><user><type><action><logged in from><before><after>

  • ID—A unique identifier of the audit event.
  • Timestamp—The date and time when this request was made in UTC. This is different than the Umbrella dashboard, which converts the time to your specified time zone.
  • Email—The email of the user that triggered the event.
  • User—The account name of the user who created the change.
  • Type—Where the change was made, such as settings or a policy.
  • Action—The type of change made, such as Create, update, or Delete.
  • Logged in from—The user's IP source.
  • Before—The policy or setting before the change was made.
  • After—The policy or setting after the change was made.

Log Formats and Versioning < Admin Audit Log Formats > DNS Log Formats