Skip to main content
Audit Trails
Updated over 3 months ago

License editions: To understand the applicable license editions, see Plans & Pricing.

Overview

Audit Trail tracks changes in activity settings made by Users and Administrators.

Access path

On the inSync Management Console menu bar, click Audit Trails.

User Audit Trail

Audit trails main display.png

Overview

User Audit Trail displays the activities made by users over a selected time period. The following table lists the user activities that you can filter according to the activity types.


📝 Note
If users prevent administrator access to their data, the administrators cannot search and view information on the files or folders that users download or restore. For more information, see Configure the user data privacy policy.


View user activities

To view user activities:

  1. On the inSync Management Console menu bar, click Audit Trails.

  2. Click the User Audit Trail tab.

  3. In the User section, enter the email IDs of the users you want to filter the audit trail for. You can enter multiple comma-separated valid email IDs. The activity trail for invalid email IDs will not be displayed.

  4. In the Activities related to list, click the filter that you want to apply. The list of activities and related filters is listed below.

    • All - Displays all activities of users. For example, device replacement details.
      Note: Files & Folders (additional) activities will not be displayed.

    • Access & Backup - Select the required filters to view the details of the following activities related to Access & Backup.

      • Mobile Access - Activities where users accessed backup data by using their mobile.

      • Unauthorized Access - Activities where users tried to access inSync from outside of your corporate network.

      • Data Downloaded - Activities where users downloaded backup data.

      • Data Restored - Activities where users restored data backed up from the device to a specific location.

    • Collaborator - Select the required filters to view the details of the following activities related to Collaborator.

      • Added - Activities where users were added to the list of collaborators for a shared folder.

      • Removed - Activities where users were removed from the list of collaborators for a shared folder.

      • Permission changed - Activities where permissions for a collaborator on a folder were changed.

    • Files & Folders - Select the required filters to view the details of the activities related to Files & Folders.

      • Folder Shared - Activities where users shared folders by using inSync Share.

      • Folder Un-shared - Activities where users stopped sharing previously shared folders.

      • Folder Synced - Activities where users synced shared folders.

      • Folder Un-synced - Activities where users un-synced shared folders.

      • Downloaded - Activities where users downloaded folders by using inSync Share

      • Restored - Activities where users restored folders by using inSync Share.

      • Purged - Activities where users purged folders by using inSync Share.

    • Files & Folders (Additional) - Select the required filters to download the details of the activities related to Files & Folders (Additional).

      • Added - Activities where users added files & folders.

      • Deleted - Activities where users deleted files & folders.

      • Files Edited - Activities where users edited files.
        Note: These activities are not displayed on the activities page and can be downloaded only.

    • Links - Select the required filters to view the details of the activities related to Links.

      • Created/Shared - Activities where users created or shared a download link for a file.

      • Edited - Activities where users edited a download link for a file.

      • Viewed - Activities where users viewed a download link for a file.

      • Downloaded - Activities where users downloaded link for a file.

      • Deleted - Activities where a user deleted a download link.

      • Expired - Activities where a download link stopped being active.

    • Workspace - Select the required filters to view the details of the activities related to Workspace.

      • Synced - Activities where a user synced a workspace.

      • Un-synced - Activities where a user un-synced a workspace.

  5. In the Time Period list, select the period for which you want to view the list of user activities.

  6. Click View. The activity results for the filters applied will be displayed. By default, no activities will be displayed.

Download or view user audit trail

As an administrator, you can download the user audit trail in HTML or CSV format. Cloud administrators can view and download audit trail of all users. However, profile administrators can view and download user activity of only those profiles that are assigned to the profile administrator. Additionally, users who have data protection officer role & view only role can view and download the user audit trail.

To download or view user audit trail:

  1. On the inSync Management Console menu bar, click Audit Trails.

  2. Click the User Audit Trail tab.

  3. In the Activities related to list, click the filter that you want to use.

  4. In the Time Period list, click the period for which you want to view the list of user activities.

  5. In the Download list, click the file format in which you want to download the data about user activity.

  6. Click View to view the audit trail activity results.

The downloaded file is saved at the default download location of your web browser.

User Audit Trail report details

HTML format sample report

user audit trail HTML sample edited.png

CSV format sample report

user audit trail sample csv 1 edited.png

Field

Description

Generated

Date and timestamp when the report is generated.

Activities

Activity type for which the report is generated.

Interval

The time period selected to generate the report.

Time Zone

The time zone for the country that is selected.

Audit Trail

The audit trail for which the report is generated.

Username

Username of the user who performed the activity.

Email ID

Email ID of user who performed the action.

Activity

The activity type the user selected to perform.

Item

Details of the files/folder/User/device on which event is performed.

IP Address/ Device

User's public IP address is logged if the activity is performed from inSync Web.

Devices name is logged if the activity is performed from a Client device.

Time

Timestamp when the activity is performed.

Details

Details of the activity performed.

Time period filter

The user activities list is displayed based on the duration that you select in the Time Period list. The options available in the Time Period list is dependent on how the audit retention period is configured. By default, the audit retention period for users is 30 days and the options available in the Time Period list are Today, Last 7 days, and Last 30 days. By default, the time period is set to Last 7 days.

To view user activities for more than 30 days, you must change the audit trail retention policy for the users.


📝 Note
User audit trail for File & Folder (additional) activities will be retained for 3 months only.


Administrator Audit Trail

Admin audit trail.png

Overview

Administrator Audit Trail displays the activities made by administrators over a selected time period. The following table lists the administrator activities that you can filter according to the activity types.

Filter

Activity types

All Activities

All activities of all administrators.

Profile

All profile-related activities that an administrator performs.

User

All user-related activities that an administrator performs.

Storage

All storage-related activities that an administrator performs.

Administrators

All administrator-related activities that an administrator performs.

Roles

All role-related activities that an administrator performs.

CloudCache Mappings

All CloudCache mapping-related activities that an administrator performs.

Devices

All Devices-related activities that an administrator performs.

Restore & Share

All restore and share-related activities that an administrator performs.

Settings

All settings-related activities that an administrator performs.

CloudCache

All CloudCache-related activities that an administrator performs.

Unauthorized Access

All attempts by administrators to access inSync Management Console from outside corporate network.

SaaS Apps

All SaaS Apps related activities that an administrator performs. For example, enable or disable backup for Exchange Online.

SharePoint Online

All SharePoint Online-related activities that an administrator performs.

Microsoft Teams

All Microsoft Teams related activities that an administrator performs.

Slack

All Slack related activities that an administrator performs.

Others

All other activities that an administrator performs.

Federated Search Logs

The following administrator activity logs from Federated Search can be searched in Admin Audit Logs:

  • Delete

  • Quarantine

  • File Search

  • Email Search

  • File Search Results sent via email

  • Email Search Result sent via email

  • Download search result (file/email)

View administrator activities

To view administrator activities:

  1. On the inSync Management Console menu bar, click Audit Trails.

  2. Click the Admin Audit Trail tab.

  3. In the Activities Type list, click the filter that you want to use.

  4. In the Administrator list, click the administrator whose activities you want to view.

  5. In the Time Period list, click the period for which you want to view the list of administrator activities.

Time period filter

The administrator activities list is displayed based on the duration that you select in the Time Period list. The options available in the Time Period list time period is dependent on how the audit retention period is configured. By default, the audit retention period for an administrator is to 30 days and the options available in the Time Period list are Today, Last 7 days, and Last 30 days. By default, the time period is set to Last 7 days.

To view user activities for more than 30 days, you must change the audit trail retention policy for the administrator.

Download or view the list of administrator activities

You can download the list of administrator activities in either HTML or CSV format.

To download the list of administrator activities:

  1. On the inSync Management Console menu bar, click Audit Trails.

  2. Click the Admin Audit Trail tab.

  3. In the Activities by Type list, click an administrator activity that you want to view.

  4. In the Administrator list, click the administrator whose activities you want to view.

  5. In the Time Period list, click a period for which you want to view the administrator activity.

  6. If you want to download the admin audit trail in HTML format, click Download > Download HTML.

  7. If you want to download the admin audit trail in CSV format, click Download > Download CSV.

  8. Click View to view the audit trail activity results.

The list of administrator activities is downloaded on your computer in the format that you selected.

Admin Audit Trail report details

HTML format sample report

audit trail html sample.png

CSV format sample report

audit trail CSV sample.png

Field

Description

Generated

Date and timestamp when the report is generated.

Activities

The activity for which the report is generated.

Administrators

Administrator name who performed the activity.

Interval

The time period selected to generate the report.

Time Zone

The time zone for the country that is selected.

Audit Trail

The audit trail for which the report is generated.

Administrator Name

Name of the administrator who performed the activity.

Activity

The activity type the administrator selected to perform.

Details

Details of the activity performed.

Time

Timestamp when the activity is performed.

Configure audit trail retention policy

Overview

With the audit trail, you can track the operations of users and administrators. Audit trail records are retained based on the audit trail retention policy. By default, the audit retention period for a user and an administrator is 30 days.

The user activities list is displayed based on the duration that you select in the Time Period list. The options available in the Time Period list is dependent on how the audit retention period is configured. By default, the audit retention period is 30 days. The options available in the Time Period list are the following:

  • Today

  • Last 7 Days

  • Last 30 days

  • Last 3 months

  • Last 6 months

  • Last 1 year

  • Ever

If you change the default retention period to 6 months, the changes will immediately reflect in the time period list of the administrator. You will now see 6 months added to the list in addition to the already available options.

If you want to retain audit trails forever, select Ever from the drop-down list.

Configure the audit trail retention policy for administrator activities

To configure the admin audit trail:

  1. On the Management Console menu bar, click > Settings > Endpoints & SaaS Apps Settings

2. In the “Audit Trail Retention Policy” section, click on Edit. The Edit Settings window appears.

3. In the Retain admin audit trail for dropdown, click the duration for which you want to retain the audit trail. The default retention period is 30 days.

4. Click Save.

For more information on the administrator audit trail, see View audit trails for administrators.

Configure the audit trail retention policy for user activities

To configure the user audit trail

  1. On the Management Console menu bar, click > Settings > Endpoints & SaaS Apps Settings

2. In the “Audit Trail Retention Policy” section, click on Edit. The Edit Settings window appears.

3. In the Retain user audit trail for dropdown, click the duration for which you want to retain the audit trail. The default retention period is 30 days.

4. Click Save


📝 Note
User audit trail for File & Folder (Additional) activities will be retained for 3 months only.


For more information on user audit trail, see View audit trails for users.

Did this answer your question?