The Audit log shows various changes in your Zendesk. It saves a record of these changes indefinitely, and you can search the entire change history.
The Audit log is available for Administrators on Enterprise. The Audit log is not available for other plans.
Specifically, the Audit log shows the following changes.
Account changes
- Account status
- Account billing cycle
- Account owner change
- Account plan type
- Maximum number of agents for your account
- Subdomain name
User changes
- Agent and administrator creation and deletion
- Agent email address changes
- Agent role
- Agent and administrator password
- User suspensions
App changes
- App installation, removal, settings modification, and activation
- App creation
- Automation creation, deletion, modification, and activation
- Macro creation, deletion, modification, and activation
- Trigger creation, deletion, modification, and activation
- View creation, deletion, modification, and activation
Tickets
- Ticket deletion
Settings
- API access settings changes
- Email archiving settings
- Global password policy
- IP Restriction setting changes
- Password policy changes
- Social media channel activation and deactivation
- Whitelist and Blacklist additions, modifications, and deletions
To view the Audit log
- Click the Admin icon (
) in the sidebar, then select Account . - Click the Audit Log tab.
- View the information in the Audit log.
Column Description Time Time and date the event occurred Actor User who caused the event IP IP address of the user who caused the event Type Type of action for the event (Created, Updated, or Deleted) Item changed Object changed by the actor Changes Details about the event - Click any linked item to filter the Audit log based on that item.
For example, if you click a user in the Actor column, you see all events where that user is the Actor.
To see all events again, click Show all results .
40 Comments
Are organization changes supported yet? If so can you update the documentation to reflect the level of support?
Hi Akshobhya,
Unfortunately not at present, however if you are looking to track a specific change made to an organization, feel free to reach out to support@zendesk.com.
Cheers,
Dara
When the audit log lists an email, it's an incomprehensible mess. This has been a known issue for years. For example, for a comment that we just received, the audit entry was "by email to C L M S". When I look at the email itself, the header shows
From: M
To: L
CC: S, C
Where L is the customer, S is a support email address, and C and M are light agents.
What possible purpose can there be for such obfuscation? What about "By email from M to L cc S C"?
Hi Jonathan,
Thanks for reaching out to us here. I've brought this to the attention of our Product Manager, and while he agrees that the language could be better, it's not currently a high priority to be fixed.
To be clear -- the main issue is not the language, it's the arbitrary (or perhaps alphabetized?) order of email addresses in the log, which can make forensics difficult, especially in corner cases involving Cc's, forwards, and non-standard support addresses.
Is there any way to pull the complete details of an individual update? The "Definition: Changed" links have a hover tooltip, but it truncates the from/to information. I tried pulling information from the "audit_logs/{{id}}.json" endpoint, but it only shows what appears on the audit log page.
Is it possible to cancel the last change? (I adapted my users interface Header color to our support interface but it looks weird and I would like to go back to our previous design -default)
Hi Géraldine! You can change this by clicking on the Gear Icon in the lower left corner of your agent interface, and under Settings click on Account. You'll see the option to change back to the default header color right at the top:
Let me know if I misunderstood your question!
Thank you Jessie, I am afraid it will change the colors of my wep portal as well, right?
The instructions I gave are for New Zendesk. If you're still using Web Portal for your agent interface as well as your end-user facing portal, then yes, the color change will apply in both places.
In case you haven't seen it, I want to let you know that Web Portal is being deprecated on November 1, 2016. You can find our announcement about that here: Removal of Web portal from Zendesk. The article contains links to all the documentation you'll need to successfully make the transition.
The audit log doesn't show who enables, disables, creates or deletes Target Extensions. Is there any way to get this data?
Hey Dan,
Currently none of that information is present in the audit logs and is not available anywhere else in Zendesk. There is a request for this feature to be added in our Product Feedback page. You can upvote that request to let our developers know this is a function you'd like to see as they implement new functionality.
Thanks for your question!
Hi Stephen,
Thank you for the boilerplate response.
If you look at the thread, you'll see I already did so on August 9th of last year. There's been no official comment from Zendesk. The poor quality of the audit logs feature persists and makes it difficult to administer and troubleshoot our Support instance.
Hey Dan!
I'm checking with our Product team to see if this is something we're thinking about. I'll let you know what I find out!
@Dan, I was able to find out that we do want to do an overhaul on the audit log, but we actually need to put a team in place to deal with the back-end infrastructure first. At the moment we don't have any timeline for this, but it's definitely on our radar!
Thanks Jessie! I'd be first in line to sign up for a beta if this ever gets off the ground. I'd also be happy to expand on use cases and pain points to whoever leads up this team. Thanks for checking on it, I hope Zendesk dedicates the resources to fixing this long standing pain point soon!
I love logs! But normally I'm investigating an issue. Is there any talk about adding a search option or a date range option? I"m currently going through each page one by one looking for who updated/created a macro specifically. It's very tedious.
Hey Andrea!
I don't think there's anything like this on the roadmap at the moment, but I'm going to do some digging and see if I can find any information on possible additions to audit log functionality. Stay tuned!
Hey Andrea, I got a response on this super fast! It looks like we're hoping to make some improvements in this area of the product sometime next year.
Now, priorities change frequently around here, and this particular project is dependent on a couple other things. So, of course, we can't promise any timeframes or anything like that. But it's definitely on our radar!
Hello.
The logs show changes, but I would like to see access activity as well. i.e. views of a ticket or user profile. I would also like to see search terms and who searched for it.
thanks for the feedback, Kevin.
HI Nicole, Hi Jessie,
Audit logs without filtering and search capability are really not a scalable solution. How about the export of logs at least? that would allow executing this kind of task in the different tool.
Thanks,
Theo
Hey Theo -
There is a way to export, so long as you're comfortable dealing with JSON - there's an endpoint in the REST API, which you can read about here: https://developer.zendesk.com/rest_api/docs/core/audit_logs
You're also welcome to add your thoughts to the Product Feedback thread on Audit Logs; I know that the product team is looking into improvements and that's where they'll be going for customer feedback on it.
Hi Team,
Am looking to get audit log data for User changes by API.
My requirement is to fetch User changes done in Znedesk.
can i know how to get those data please ?
Thank you
Welcome to the Community, Bharath!
If you're on the Enterprise plan, there's an audit log built right into the product. You can find out about how that works here.
Otherwise, you can do an audit via API, which is documented in our developer resources.
Hope that helps!
How can we search through the ENTIRE Audit Log as opposed to fetching from each pages or alternatively exporting the full log via API ? Even from the API this is not obvious https://developer.zendesk.com/rest_api/docs/core/audit_logs - Has anyone got steps to achieve this basic auditing? thanks
Hi Pascal,
For performance reasons, our API paginates every 100 objects for most endpoints, including the audit_logs (incremental endpoints return 1,000 per page and views return 30 per page).
This behavior is mentioned in https://developer.zendesk.com/rest_api/docs/core/introduction#pagination.
While we don't currently have a way to export this log, I could definitely see a use for having that ability. If that's a feature that would be of major use to you, I highly recommend posting that feature request to our Product Feedback Forums. These are reviewed regularly by our Product Managers when deciding which features to include in future versions of our software.
By posting there, other people have a chance to vote in support of your idea which gives it additional weight in consideration for future development. I've often seen folks post workarounds/alternate methods for solving similar problems.
In the meantime, here's a link to an API tip that allows for scripting the contents of multiple pages into a file: https://support.zendesk.com/hc/en-us/articles/217439898-API-tip-Fetch-multiple-pages-of-results-automatically Hopefully this helps you get what you're after more easily!
Hi Pascal,
I don't have any steps or workarounds to suggest, unfortunately, but adding your comments and vote to the existing thread for this request is probably the best way to aggregate our votes to have the best chance of someone looking at the request. There's one open for the audit log from 2014 that requests a search functionality as a feature, among many other improvements.
Not sure if this is the appropriate place for this question, but I've been looking all over and couldn't find the answer anywhere.
We're getting ready for GDPR compliance so we need to be sure we're removig certain personal information from Zendesk. Do we have a way to delete information from the audit logs? Our logs go back many years and contain names, email addresses, and even IP addresses in some of the entries. How can we clear this data so we're not retaining this personal info?
Hey Aaron,
I don't believe this is possible. The Audit Logs do not have a DELETE endpoint, according to the API Docs.
All we've been told for any problems or questions on this topic is 'check the GDPR Page' which doesn't really contain much useful information at this time. Everything seems to indicate 'delete your ticket/user/org' as being the compliant action.
Please sign in to leave a comment.