The Admin Audit log records changes that have been made by your administrative team in your organization's Umbrella settings. Logs appear when change events occur in the dashboard, such as adding a user or modifying a policy. You can access data in 90-day increments. For more information about the details of the logs, see Manage Your Logs > Log Format and Versioning > Admin Audit Logs.
- Navigate to Reporting > Management > Admin Audit Log.
- Configure filters and then click Run Filter.
Optionally, select Show All to include events created by agents outside of the organization.
Identities & Settings—Filter by identity or setting.
User—Filter by user.
IP Address—Filter by IP address.
Date—Select a date range to see the changes for that period or select a user or the IP of the network that made the changes. The maximum supported range is 90 days.
Note: Any identity or setting that was deleted or re-named as part of an admin change will not be searchable in the filter as it is no longer in the database. However, the change has still been recorded and can be filtered by the User, IP Address or time range.
- Click an Action to view further details of an event.
The admin audit log includes:
- Policies, Identities or Block Pages that were Created
- Policies, Identities or Block Pages that were Changed
- Policies, Identities or Block Pages that were Deleted
You must have logging enabled for the admin audit log to be exported to your S3 bucket. For more information see Manage Your Logs.
- Navigate to Admin > Log Management.
- Under your activated S3 bucket, navigate to Admin Audit Log. Click on the toggle bar to enable Admin Audit Log reports to be exported to your S3 bucket.
Your logs will be saved to the folder auditlogs.
Identity Details < Admin Audit Log Report
Updated 22 days ago