The audit log shows various changes in your Zendesk. It saves a record of these changes indefinitely, and you can search the entire change history.
The audit log is available for administrators on Enterprise. The audit log is not available for other plans. You can view the audit log in Support or in Admin Center. The log entries are the same in Support and Admin Center, but some of the interface features vary, like pagination, exporting, and setting date ranges.
This article contains the following sections:
About audit log changes
Specifically, the audit log shows the following changes.
- Account status
- Account billing cycle
- Account owner change
- Account plan type
- Maximum number of agents for your account
- Subdomain name
User changes
- Agent and administrator creation and deletion
- Successful agent sign in
- Agent email address addition and deletion
- Agent role
- Agent and administrator password
- User suspensions
- App installation, removal, settings modification, and activation
- App creation
- Automation creation, deletion, modification, and activation
- Macro creation, deletion, modification, and activation
- Trigger creation, deletion, modification, and activation
- View creation, deletion, modification, and activation
- SLA policy creation, deletion
Tickets
- Ticket deletion
Settings
- API access settings changes
- Email archiving settings
- Global password policy
- IP Restriction setting changes
- Password policy changes
- Social media channel activation and deactivation
- Whitelist and Blacklist additions, modifications, and deletions
Information in the audit log includes:
| Column | Description |
|---|---|
| Time | Time and date the event occurred |
| Actor | User who caused the event |
| IP address | IP address of the user who caused the event |
| Type | Type of action for the event (Created, Updated, Deleted, or Sign in) |
| Item changed | Object changed by the actor |
| Changes | Details about the event |
Viewing the audit log in Support
You can view the audit log in Support.
You can also view the audit log in Admin Center. The log entries are the same in Support and Admin Center, but some of the interface features vary, like pagination, exporting, and setting date ranges.
To view the audit log from Support
- Click the Admin icon (
) in the sidebar, then select Settings > Account. - Click the Audit Log tab.
- View the information in the audit log.
- Click any linked item to filter the audit log based on that item.
For example, if you click a user in the Actor column, you see all events where that user is the Actor.
To see all events again, click Show all results.
Viewing the audit log in Admin Center
When you view the audit log in Admin Center, the entries are the same as in Support, but you have some additional features that aren't available in the Support interface. For example, you can set a date range for the log entries you want to view and you can export log entries in CSV format.
To view the audit log in Admin Center
- In any product, click the Zendesk Products icon (
) in the top bar, then select Admin Center. - Click the Account icon (
) in the left sidebar, then click Audit log. - View the information in the audit log.
- Click the Time column to sort the entries by date, or click Start date and End date to set a date range.
- To email yourself a copy of the audit log in CSV format, set a date range for the log entries you want to export, then click Email CSV.
When the export is complete, the email is sent to your primary Zendesk email address.
43 Comments
When the audit log lists an email, it's an incomprehensible mess. This has been a known issue for years. For example, for a comment that we just received, the audit entry was "by email to C L M S". When I look at the email itself, the header shows
From: M
To: L
CC: S, C
Where L is the customer, S is a support email address, and C and M are light agents.
What possible purpose can there be for such obfuscation? What about "By email from M to L cc S C"?
Hi Jonathan,
Thanks for reaching out to us here. I've brought this to the attention of our Product Manager, and while he agrees that the language could be better, it's not currently a high priority to be fixed.
To be clear -- the main issue is not the language, it's the arbitrary (or perhaps alphabetized?) order of email addresses in the log, which can make forensics difficult, especially in corner cases involving Cc's, forwards, and non-standard support addresses.
Is it possible to cancel the last change? (I adapted my users interface Header color to our support interface but it looks weird and I would like to go back to our previous design -default)
Hi Géraldine! You can change this by clicking on the Gear Icon in the lower left corner of your agent interface, and under Settings click on Account. You'll see the option to change back to the default header color right at the top:
Let me know if I misunderstood your question!
Thank you Jessie, I am afraid it will change the colors of my wep portal as well, right?
The instructions I gave are for New Zendesk. If you're still using Web Portal for your agent interface as well as your end-user facing portal, then yes, the color change will apply in both places.
In case you haven't seen it, I want to let you know that Web Portal is being deprecated on November 1, 2016. You can find our announcement about that here: Removal of Web portal from Zendesk. The article contains links to all the documentation you'll need to successfully make the transition.
The audit log doesn't show who enables, disables, creates or deletes Target Extensions. Is there any way to get this data?
Hey Dan,
Currently none of that information is present in the audit logs and is not available anywhere else in Zendesk. There is a request for this feature to be added in our Product Feedback page. You can upvote that request to let our developers know this is a function you'd like to see as they implement new functionality.
Thanks for your question!
Hi Stephen,
Thank you for the boilerplate response.
If you look at the thread, you'll see I already did so on August 9th of last year. There's been no official comment from Zendesk. The poor quality of the audit logs feature persists and makes it difficult to administer and troubleshoot our Support instance.
Hey Dan!
I'm checking with our Product team to see if this is something we're thinking about. I'll let you know what I find out!
@Dan, I was able to find out that we do want to do an overhaul on the audit log, but we actually need to put a team in place to deal with the back-end infrastructure first. At the moment we don't have any timeline for this, but it's definitely on our radar!
Thanks Jessie! I'd be first in line to sign up for a beta if this ever gets off the ground. I'd also be happy to expand on use cases and pain points to whoever leads up this team. Thanks for checking on it, I hope Zendesk dedicates the resources to fixing this long standing pain point soon!
I love logs! But normally I'm investigating an issue. Is there any talk about adding a search option or a date range option? I"m currently going through each page one by one looking for who updated/created a macro specifically. It's very tedious.
Hey Andrea!
I don't think there's anything like this on the roadmap at the moment, but I'm going to do some digging and see if I can find any information on possible additions to audit log functionality. Stay tuned!
Hey Andrea, I got a response on this super fast! It looks like we're hoping to make some improvements in this area of the product sometime next year.
Now, priorities change frequently around here, and this particular project is dependent on a couple other things. So, of course, we can't promise any timeframes or anything like that. But it's definitely on our radar!
Hello.
The logs show changes, but I would like to see access activity as well. i.e. views of a ticket or user profile. I would also like to see search terms and who searched for it.
thanks for the feedback, Kevin.
HI Nicole, Hi Jessie,
Audit logs without filtering and search capability are really not a scalable solution. How about the export of logs at least? that would allow executing this kind of task in the different tool.
Thanks,
Theo
Hey Theo -
There is a way to export, so long as you're comfortable dealing with JSON - there's an endpoint in the REST API, which you can read about here: https://developer.zendesk.com/rest_api/docs/core/audit_logs
You're also welcome to add your thoughts to the Product Feedback thread on Audit Logs; I know that the product team is looking into improvements and that's where they'll be going for customer feedback on it.
Hi Team,
Am looking to get audit log data for User changes by API.
My requirement is to fetch User changes done in Znedesk.
can i know how to get those data please ?
Thank you
Welcome to the Community, Bharath!
If you're on the Enterprise plan, there's an audit log built right into the product. You can find out about how that works here.
Otherwise, you can do an audit via API, which is documented in our developer resources.
Hope that helps!
How can we search through the ENTIRE Audit Log as opposed to fetching from each pages or alternatively exporting the full log via API ? Even from the API this is not obvious https://developer.zendesk.com/rest_api/docs/core/audit_logs - Has anyone got steps to achieve this basic auditing? thanks
Hi Pascal,
For performance reasons, our API paginates every 100 objects for most endpoints, including the audit_logs (incremental endpoints return 1,000 per page and views return 30 per page).
This behavior is mentioned in https://developer.zendesk.com/rest_api/docs/core/introduction#pagination.
While we don't currently have a way to export this log, I could definitely see a use for having that ability. If that's a feature that would be of major use to you, I highly recommend posting that feature request to our Product Feedback Forums. These are reviewed regularly by our Product Managers when deciding which features to include in future versions of our software.
By posting there, other people have a chance to vote in support of your idea which gives it additional weight in consideration for future development. I've often seen folks post workarounds/alternate methods for solving similar problems.
In the meantime, here's a link to an API tip that allows for scripting the contents of multiple pages into a file: https://support.zendesk.com/hc/en-us/articles/217439898-API-tip-Fetch-multiple-pages-of-results-automatically Hopefully this helps you get what you're after more easily!
Hi Pascal,
I don't have any steps or workarounds to suggest, unfortunately, but adding your comments and vote to the existing thread for this request is probably the best way to aggregate our votes to have the best chance of someone looking at the request. There's one open for the audit log from 2014 that requests a search functionality as a feature, among many other improvements.
Not sure if this is the appropriate place for this question, but I've been looking all over and couldn't find the answer anywhere.
We're getting ready for GDPR compliance so we need to be sure we're removig certain personal information from Zendesk. Do we have a way to delete information from the audit logs? Our logs go back many years and contain names, email addresses, and even IP addresses in some of the entries. How can we clear this data so we're not retaining this personal info?
Hey Aaron,
I don't believe this is possible. The Audit Logs do not have a DELETE endpoint, according to the API Docs.
All we've been told for any problems or questions on this topic is 'check the GDPR Page' which doesn't really contain much useful information at this time. Everything seems to indicate 'delete your ticket/user/org' as being the compliant action.
Aaron -
I also suggest emailing your question to privacy@zendesk.com - that's the team that is dealing with GDPR compliance.
Hi Team,
Use case - When User is suspended, I want to find out who has suspended & other related information.
Current blocker :- I have to keep scrolling pages in audit log for a particular date & this would take huge time.
This API would give me audit log for any individual users.
https://Domain.com/api/v2/audit_logs?filter[source_id]
But when I suspend / Unsuspended user in Zendesk & then call api for that particular user, it will not show any audit log.
How ever, in Zendesk audit log, I am able to see the changes.
Let me know how we can tackle it please ?
Thank you
Bharath
The user should appear on the API call regardless of the user's suspended status.
You can prove that by using this API call:
https://YourDomain.zendesk.com/api/v2/audit_logs.json?filter[source_type]=user_settings
Look carefully and you will see change_descriptions for suspended and unsuspended actions.
Look very carefully and you will see a source_id for various users. So you can use:
https://YourDomain.zendesk.com/api/v2/audit_logs.json?filter[source_type]=user_settings&filter[source_id]=3425865455
and this will work for suspended users.
The problem is, the source id value does not correspond to the user ID that we see in Zendesk Support. I do not know how to determine the source_id value, so it is still tricky to find a quick audit list for the user.
But at least the details are there and you can reduce the volume returned by the API by filtering by source_type.
Hope that helps a little.
Please sign in to leave a comment.