The logs feature within Cloud Manager provides a full audit log of all actions performed across your domain. To facilitate the effective management of these logs there is a powerful advanced search filter to allow you to drill down into the data to track changes to your domain , manage security events and assist in investigations. The last 6 months of data are preserved and displayed in the audit logs.
To find the logs, click the Menu bar in the top-left and go to Monitor > Logs
From the 'Logs' table you have options to export data to a .csv file via an email attachment or direct to Google Drive. If configured for your domain there is also the option to export the data directly to Google Big Query.
Audit Log Permissions
To view the full Audit Logs within CloudManager, the user account will need to have the View Logs permission configured for the role they are assigned to. If you require a user to only view the audit logs for their own actions, they need to have the View Own Logs permission configured.
Several options are available in the filter options (accessed via the three-dots Actions menu in the top right corner of the screen).
- User - this displays the account used to perform the action. In certain circumstances this will display as 'System' e.g. domain synchronisation events
- From/To - you can specify a timeframe within the logs to search for events within that window
- Context type - this list allows you to filter an event against a specific item type e.g. profile
- Context name - this is the target of an action e.g. if an end date is set for a user you can filter for that user here rather that the account who configured the date
- Operation type - filter for a specific type of event e.g. assign alias
- Country - narrow the search to a geolocation