The logs feature within Cloud Manager provides a full audit log of all actions performed across your domain. To facilitate the effective management of these logs there is a powerful advanced search filter to allow you to drill down into the data to track changes to your domain , manage security events and assist in investigations. The last 6 months of data are preserved and displayed in the audit logs.
To find the logs, click the burger bar in the top-left and go to Monitor > Logs
From the 'Logs' table you have options to export data to a .csv file via an email attachment or direct to Google Drive. If configured for your domain there is also the option to export the data directly to Google Big Query.
Audit Log Permissions
Please note to view the full Audit Logs within CloudManager the user account will need to have the 'View Logs' permission configured to the role they have. If you wish for users to view the audit logs for their own actions only there is a permission for this purpose called 'View Own Logs'
Several options are available in the filter options (accessed via the three-dots context menu in the top-right)
- User - this displays the account used to perform the action. In certain circumstances this will display as 'System' e.g. domain synchronisation events
- From/To - you can specify a timeframe within the logs to search for events within that window
- Context type - this list allows you to filter an event against a specific item type e.g. profile
- Context name - this is the target of an action e.g. if an end date is set for a user you can filter for that user here rather that the account who configured the date
- Operation type - filter for a specific type of event e.g. assign alias
- Country - narrow the search to a geolocation