Audit Logs

Yes to all of this! 

Building out the audit log to include User / Organization changes and to be searchable would help tremendously. Not only would it help us, but it would also help your team troubleshoot issues. Win, win!

With the changes to the audit log now showing succesfull log ins, this causes the audit to be overloaded with agent log-ins especially when we have over 800! 

Is there any plans on making the audit more searchable so you can filter for the type of change that was made?

It's quite noisy, you're right. Search/filter/sort is the next piece of functionality we want to introduce so it's at the top of the list. 

Would love to hear what kind would be useful to you if you're open to sharing!

Hey @Caroline Kello

Thanks for acknowledging how noisy this is. Since this was enabled, each day has about 4 pages of audit log entries just for sign ins alone. it's taken an already bad experience to worse. 

Glad to hear this is finally getting looked at, thank you!

For us, at a minimum, we need to be able to search/filter (inclusively and exclusively) by

• Event Date/Time (exact match, or range)
• Actor (searchable dropdown like we have in tickets, perhaps?)
• IP Address (text field)
• Type (Created, Updated, Audit, Apps)
• Item Changed (Ex: New Organization, Macro Created, Macro Updated)
• Item Changes (this one could be tricky but being able to search for any changes made to any macros using FIELD X would be great at scoping out how some changes were made.
• Ability to jump to a specific page number (even if just by query parameter in the URL

Thanks for considering!

Dan, have you checked out the new location of audit log in Admin Center? It will give you the date range filter and export to csv. 

Thanks for the clarification on "search/filter (inclusively and exclusively)". That was something I had on my list to validate. I'll take a look at "Ability to jump to a specific page number (even if just by query parameter in the URL" that might be something we can look at separately. 

Nope, never knew that existed, and I was recently in this part of the UI a few weeks ago. I was using the Admin Settings-> Account->Audit Logs in Support. Do these logs include audits for any product we own, or just Support?

I didn't see this in any release notes, was there any announcement on this made anywhere?

Overall, this looks pretty good!  I'll check this out a bit, it's definitely headed in the right direction.

Thanks for the reply Caroline!

It was released yesterday, so no wonder you didn't see it 😄 It's the same logs for now, but a starting point to allow us to scale and add in more features with the end goal of removing the Support location. 

@Caroline Kello This is great! Looking forward to the next release - definitely headed in the right direction.

One thing I'd love to see changed is that all of the user sign-in logs shouldn't be part of the account audit logs. It would be amazing if that was moved to a spot on the individual user's profile page. 

Hey Stephen, end-user sign ins isn't captured at the moment, it's only agent activity. Are you seeing something different on your account at the moment? Or just feedback for future consideration? 

@Caroline Kello Right, sorry for being unclear. I did mean agent sign-in logs - it would be great if that was on the agent profile page, instead of cluttering up account audit logs. Feedback for future consideration.

Thanks for the clarification and feedback, much appreciated! 

@Caroline Kello I agree that the audit log is not useful now that successful logins are listed.  Date range isn't a helpful filter for me - most of the time I'm looking to see who changed a particular record so I can talk to them about it - I have no idea the date the change was made.  Now there are pages of successful log in lines so I can't even reasonably do a browser search on a few pages to find what I'm looking for.

A search on the key words in the items changed field would be very helpful.  Or a search on the user role (including custom roles) could also be helpful - I'm mostly looking for activity that only an admin or someone with extra security could do.  So that activity would narrow down my search.

I'd really like the ability to find out who edited a user's name. This is the scenario: customer writes in that their name has been changed to "Customer <unprintable expletive>". How do I find out whether it was an agent that modified the customer name, or whether it was the customer trying to "prank" us?

Adam

Great suggestion Adam! I'd like to expand it to include any changeable attribute (name, email, custom fields etc.) 

One really awesome feature would be an admin only 'view this object in Audit Logs' button. 

Having somewhere on the User or Org that I can click to take me to a prefiltered part of the audit log to just show me events with that object would be SUCH a timesaver!

I noticed that there was a recent change that allowed for a few more audit log activities to be shown.

"Audit log now shows events for when an agent is added to and removed from a group, when an organization is deleted, and when a group is deleted."

It's great seeing movement here, I hope that this continues until everything is available.  I also agree that filters should be added sooner than later aside from date ranges. There are some filter options available via the API but it's still fairly tedious and I find myself regularly wishing for action to be an available option

Filtering is next on our list; we're planning on this being an iterative approach and are currently working on the ability to filter by actor with more actions/filters to come. 

As for gaps in our audit log events, that's something that's top of mind for us as well and we're planning on continuously closing those gaps until we're as close to "everything" as possible.

More good stuff to come! 

It would be awesome if you could search via Agent/End-user and see all the changes that they have made.

I was looking for a change to a trigger that an Agent made but could not locate and figured it might be in the audit log. I knew who made the change but not when. So it would be nice to be able to sort by Name.

Hey Sydney, 

Filter by Actor is available in the Audit log in Admin Center where you can search for agent activities and date ranges. End-user activity isn't available currently. 

Thanks Caroline! That does prove helpful however there are a lot of logs (specifically signing in). It would be awesome to be able to search for the item before exporting it (it is best practice to not download/keep PII information).

Yes, totally agreed - more granular filtering (specifically per item) in the Audit log is something we currently have on the roadmap for later in the year.

I would like to also request audits of changes to the end user profile. This is key customer information and we should be able to audit which agent or user added/changed/removed the information and when.

Hi 

We would like to see more end-user updates especially to user profile name as this would be useful to understand if it was customer error or an agent has changed - with data breaches top priority it helps understand where the change was made.

Hi,

We would like to have much more useful data displayed in the audit logs, such as when any change is made to a user or an organisation. 

It is vital for us as a responsible business holding customer information that we have a duty of care to ensure the data is accurate and if a change is made we are able to see when and what was changed and by whom - this is more important to me than seeing when someone has logged in or changed their password, which fills the audit log at present.

Thanks

same! please add this feature asap. It allows for complete transparency and the ability to hold individuals accountable. 

Hey folks,

We've two themes going for the audit log work in 2021: a) we want data to be easier to find which includes work like better filtering capabilities, and b) we want data to be there to find, which means we're looking to close the gaps on some audit events that we know are missing focusing on Support settings to start with. Looking forward to being able to share those updates as work progresses and will make sure to update this thread.