Monitoring Audit Log - Online Help | Zoho Desk

Monitoring Audit Log

A business witnesses a spectrum of activities on a daily basis, such as setting up configurations, adding users, deleting records, interactions with customers. Although there are applications that can automate much of these processes, and there are teams dedicated to managing certain activities, it is still important to be aware of all that is happening and monitor them regularly.

Ticketing software like Zoho Desk helps manage support interactions, triggers workflows to automate regular tasks, guides agents to ticket closure, allows user management, and more. For a system that handles such crucial and complex day-to-day activities, it is important that the administrator keeps track of all the events and changes in the system.

As an administrator, it is crucial to monitor and keep a tab on all the activities that take place in their organization's Desk account. This will help them understand,
  1. What caused an event?
  2. What happened before or after an event?
  3. Who performed the actions?
  4. When was something done?
Over time, these insights can help pinpoint errors, troubleshoot, revert changes before consequences, and, most importantly, analyze if the processes are working as desired. For example, the audit log will display if a workflow notification was sent to the agent when the ticket status changed to "under evaluation".

Availability 
InfoPermission Required
Users with administrative privilege can view and access Audit log.
Check Availability and Limits

Viewing audit log

Audit log is the sequence of events or actions performed by the Zoho Desk users, displayed in chronological order.  By default, all users who have admin access can view the audit log.

In the audit log, admins can view the changes that were made to workflows, blueprints, agents, departments, assignment rules, contacts, accounts, and custom modules.


Upon clicking each entry, the admin will be able to view the details of the respective log in the log details popup.


When data belonging to entities such as modules and rules is added or updated, the detailed view will display both the previous value and the new value. For example, if the Website field was empty during contact creation but later updated, the Old Value will show as blank (since no entry was made), while the New Value will display the updated field content.
Audit log tracks changes across the following entities:
  1. Department
  2. Business Hour
  3. Holiday List
  4. License
  5. Agents
  6. Roles
  7. Data Sharing
  8. Module
  9. Accounts
  10. Contacts
  11. Custom Module
  12. Layouts
  13. Fields
  14. Workflow
  15. Workflow Alerts
  16. Field Updates
  17. Tasks
  18. Custom Functions
  19. Blueprint
  20. Macros
  21. Direct Assignment Rule
  22. Round Robin Rule
  23. Skills
  24. Escalate (SLA)
  25. Supervisor Rules
  26. Support Contract
  27. Schedules
  28. Email Templates
  29. Template Folder
  30. Notification Rules
  31. Import
  32. Export
  33. Data Backup
  34. PhoneBridge
  35. ActionMapping
  36. Audit Log
  37. API Usage Alerts
Notes
Note:
  1. Even if an admin doesn't have access to a particular department, they will be able to view the actions that were performed on a record that belongs to this department.
  2. Generate an audit log for layouts and fields by selecting the Agents and Workflow option from the Entities field drop-down while applying filters. The log will display the date and time of additions, details of what has been added, the person responsible for the additions, along with their IP address and department information. Additionally, it will provide information about the specific action and sub-action performed.
  3. Audit logs are retained for a minimum of two years.
The following information will be displayed about each action:
  1. Date and time when the action was performed
  2. Details of the action performed
  3. User's name who performed the action
  4. IP address of the device from which the action was performed
  5. The department in which the action was performed
  6. In entity, the configurations and modules where the action happened, such as field update, workflow, contacts, accounts, and assignment rules.
  7. Type of action performed (if the record was edited, added, or deleted)
  8. Name of the action
  9. Sub-action is an additional detail about the action that was performed are displayed.
The following actions will be captured in the audit log:
Add
Create a new record or entry
Update
Modify details of an existing record
Delete
Permanently remove a record
Export
When clicking the export from the desk
Download
File downloaded to the user's device
Online
When availability status changes to online in channels (Email, Phone, Chat, IM).
Offline
When availability status changes to offline in channels (Email, Phone, Chat, IM).
To view audit log
  1. Navigate to Setup > Privacy and Security > Audit Log.
In the Audit log page, a list of actions performed by users will be displayed. The most recent action will be displayed at the top.

Filtering audit log

Users can filter the audit log to find specific records quickly. The records can be filtered based on the following criteria:
  1. Date - Today, last 7 days, or custom dates
  2. User who performed the action
  3. Department
  4. Entity - Includes the module and configuration where the action was performed
  5. Actions - Added, updated, and deleted
To filter records in audit log
  1. Navigate to Setup > Privacy and Security > Audit Log.
  2. In the Audit Log list view, click the Filter icon from the top.
  3. In the left panel, select the values in the fields using which users want to filter the records.
  4. Filter with Date, Department, Performed by, Entity, and Action. Based on the filtering criteria, records will be displayed.

Exporting Audit Log

Admins can export the audit log data as a CSV file to filter data, sort, and search for specific events, which will help to detect irregularities, track user actions, and adhere to the organization's compliance.
To export the audit log
  1. Navigate to Set up > Privacy and Security > Audit Log.
  2. Click Export from the top-right
  3. Choose the time range
    1. Today – Records created or updated from midnight to now.
    2. Yesterday – Records from the previous calendar day.
    3. Current Week – Records from this week starting from Monday to today.
    4. Current Month – Records from the 1st of the current month to today.
    5. Last 7 days – Records from the past 7 days, including today.
    6. Last 30 days – Records from the past 30 days, including today.
    7. Last 60 days – Records from the past 60 days, including today.
    8. Custom – Records from the selected start and end dates will be exported.
  4. A pop-up to download the audit log export will be displayed. Click Download.


Notes
Note:
  1. The audit log can be exported to a maximum of 30 days. 
  2. Admins can export a maximum of 50 audit logs per day.
  3. Once an export is triggered, the admin can export another file only upon completion of the first one. 
  4. An email notification will be sent to the admin once the export is completed.