The Admin Audit log records changes that have been made by your administrative team in your organization's Umbrella settings. Logs appear when change events occur in the dashboard, such as adding a user or modifying a policy. You can access data in 90-day increments. For more information about the details of the logs, see Manage Your Logs > Log Format and Versioning > Admin Audit Logs.
Table of Contents
Generate Admin Audit Log Report
- Navigate to Reporting > Management > Admin Audit Log.
- Configure filters and then click Run Filter.
Optionally, select Show All to include events created by agents outside of the organization.
Identities & Settings—Filter by identity or setting.
User—Filter by user.
IP Address—Filter by IP address.
Date—Select a date range to see the changes for that period or select a user or the IP of the network that made the changes. The maximum supported range is 90 days.
Note: Any identity or setting that was deleted or re-named as part of an admin change will not be searchable in the filter as it is no longer in the database. However, the change has still been recorded and can be filtered by the User, IP Address or time range.
- Click an Action to view further details of an event.
Export Admin Audit Log to an S3 Bucket
The Admin Audit log includes:
- Policies, Identities or Block Pages that were Created
- Policies, Identities or Block Pages that were Changed
- Policies, Identities or Block Pages that were Deleted
- Destinations that were created, deleted, or updated by the Umbrella Destination Lists API
Log Management
You must have logging enabled for the Admin Audit log to be exported to your S3 bucket. For more information see Manage Your Logs.
- Navigate to Admin > Log Management.
- Under your activated S3 bucket, navigate to Admin Audit Log. Click on the toggle bar to enable Admin Audit Log reports to be exported to your S3 bucket.
Umbrella saves your Admin Audit logs to the auditlogs
folder.
Identity Details < Admin Audit Log Report
Updated 2 days ago