Viewing Audit Logs

Before you begin

Audit logs are historical logs of user activity. They are useful for such tasks as ensuring compliance with industry regulations, troubleshooting system issues and investigating security breaches.

To use audit log features:

  • You must have access to a SOTI Connect instance.
  • You must sign in as an administrator.
  • The Enable Audit Logs setting must be on.

About this task

This section describes how to view, filter and export the audit logs.

Procedure

To explore the SOTI Connect audit log feature:
  1. Verify the Enable Audit Logs setting is on. The setting is in Main Menu > Global Settings > General Configuration.
    Audit logs enabled
  2. Select Main Menu > Users and Permissions.
  3. In the left pane, select Users.
    Audit logs
  4. To view user logs for all users, under View All Users select Logs.
    Audit logs all
  5. User logs for all users appear in the right panel. Filter the results by selecting the log type from the Filter drop-down list. In this example, select Security to filter security logs.
    Audit logs source
    Note: You can only select one filter at a time. The filter stays in effect until you select log type None.
  6. To filter logs based on a time interval, select the calendar icon, define the time range and select Apply.
    Audit logs filter date
    Note: You can use the time interval filter in combination with the log type filter. The time interval filter stays in effect until you select Clear.
  7. To export audit logs, select the Export icon and choose either the CSV or PDF export format.
    Audit logs export
    Note: Exported logs download to your browser's default download location with the name AuditReport.zip when exporting to CSV, or AuditReport.pdf for PDF.
  8. For a SOTI Connect instance associated with a SOTI Identity instance, the SOTI Connect users are Local Users and the SOTI Identity users are SOTI Identity Users.
    Audit logs identity
    Note: For SOTI Connect instances that are not associated with a SOTI Identity instance, local users appear individually below View All Users.
  9. To view the logs of an individual user, select the user in the left panel. Logs associated with the user appear in the right panel. The same filter and export functionality discussed above are also available when viewing an individual user's logs. Audit logs individual
  10. To view logs of deleted users, select Deleted User Logs.
    Audit logs deleted
    Note: The logs from deleted users show only the user ID and not the username to ensure General Data Protection Regulation (GDPR) compliance.

Results

You can now:
  • View, filter, and export logs for all users, specific users and deleted users.
  • Filter logs by log type and time interval.
  • Export logs to CSV or PDF.
  • View logs for SOTI Connect and SOTI Identity users.