Skip to main content

Audit Logs

Organization Audit Logs - Tracking User Activity

Updated this week

Overview

Organization audit logs provide a complete record of all actions performed by users in your organization. This feature is essential for compliance, security monitoring, and understanding changes to your organization's configuration.

By reviewing audit logs regularly, you can maintain visibility into who did what and when in your organization.

Important Note: This article covers organization audit logs that track user actions and configuration changes.

For searching your ingested network logs, refer to the Hot Search and Cold Search documentation.

Accessing Audit Logs

To view your organization's audit logs:

  1. Navigate to your organization's audit logs page at /organizations/:orgId/audit-logs

  2. The audit log interface will display with search and filtering capabilities

Required Permissions: You need appropriate organization-level permissions to access audit logs. If you cannot see the audit logs page, contact your organization administrator.

Understanding Audit Log Entries

Each audit log entry contains key information about actions taken in your organization:

  • Timestamp: When the action occurred

  • User ID: Which user performed the action

  • Organization ID: The organization context

  • Action: What type of action was performed

  • Resource Type: The type of resource affected (if applicable)

  • Resource ID: The specific resource identifier (if applicable)

  • Details: Additional context about the action

Searching and Filtering Audit Logs

The audit logs interface provides several ways to find specific activities:

Use the main search bar to quickly find audit log entries. The search functionality helps you locate specific actions or events across your audit trail.

Filter Options

The audit logs page includes a filter grid that allows you to narrow down results:

  • Date Range: Select a specific time period to review

  • User Activity: Filter by specific users

  • Action Types: Focus on particular types of actions

  • Browser Information: View which browsers were used for actions

Active filters are displayed clearly so you can see what criteria are currently applied to your audit log view.

Tips for Effective Searching

  • Start with broader date ranges and narrow down as needed

  • Combine multiple filters to pinpoint specific events

  • Use the search bar for quick lookups of known actions or users

  • Review active filters to ensure you're seeing the complete picture

What Actions Are Logged

Audit logs capture a comprehensive range of user activities within your organization, including:

  • User management actions (adding, removing, or modifying users)

  • Organization configuration changes

  • Permission and role modifications

  • Access to sensitive areas or data

  • Administrative actions

The system automatically records these actions with full context, ensuring you have a complete audit trail.

Reviewing Audit Logs for Compliance

Regular audit log reviews are essential for maintaining security and compliance:

Best Practices

  1. Establish a Review Schedule: Set up regular intervals (weekly, monthly) to review audit logs

  2. Focus on Critical Actions: Pay special attention to user management, permission changes, and configuration modifications

  3. Look for Anomalies: Watch for unusual patterns, such as actions at odd hours or unexpected user activities

  4. Document Your Reviews: Keep records of your audit log reviews for compliance purposes

  5. Set Up Alerts: If available in your organization, configure notifications for critical actions

Common Review Scenarios

  • User Onboarding/Offboarding: Verify that user access was granted or revoked appropriately

  • Configuration Changes: Track who made changes to organization settings and when

  • Security Incidents: Investigate suspicious activities or policy violations

  • Compliance Audits: Generate reports showing user activities during specific periods

Exporting Audit Logs

For compliance and record-keeping purposes, you may need to export audit log data. Check your organization settings for available export options that allow you to:

  • Save audit logs for long-term retention

  • Share logs with compliance officers or auditors

  • Integrate with external security information and event management (SIEM) systems

  • Create reports for regulatory requirements

Troubleshooting

Audit Logs Not Loading

If you encounter issues viewing audit logs:
- Verify you have the necessary permissions
- Check your network connection
- Refresh the page to reload the data
- Contact your administrator if the problem persists

Missing Audit Log Entries

If you expect to see certain actions but don't:
- Verify the date range filter includes the time period in question
- Check that no other filters are excluding the entries
- Confirm the action type is one that gets logged
- Review your active filters to ensure they're not too restrictive

  • User Management: Learn about managing users in your organization

  • Organization Settings: Configure your organization's general settings

  • Dashboard: View your organization overview and statistics at /organizations/:orgId/dashboard/:orgId

Need Help? If you have questions about audit logs or need assistance interpreting specific entries, contact your organization administrator or support team.

Related Articles
What are Archived Logs?
Archived Logs Page
Location IP Management
How to send your first logs to LogCentral
How to Delete a Location
Did this answer your question?