Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Audit Logs

Audit logs record all administrative actions in CloudSync, providing a complete trail for compliance, troubleshooting, and security purposes.

Overview

Audit logs capture:

  • Who did what

  • When they did it

  • What changed

  • Whether it succeeded

This information is essential for security reviews, compliance audits, and investigating issues.

Who This Is For

  • Administrators reviewing system changes

  • Compliance teams gathering audit evidence

  • Security teams investigating incidents

  • Operators understanding configuration history

Prerequisites

  • Administrator role — Required to access audit logs

  • ✅ Operators and Viewers cannot access audit logs

Accessing Audit Logs

1

Access audit log viewer

  • Log in to CloudSync with Administrator role

  • Go to SettingsAudit Log

  • The audit log viewer opens

Understanding Audit Log Entries

Each log entry contains:

Entry Fields

Field
Description

Timestamp

When the action occurred (in your timezone)

Action

What was done (see Action Types below)

Actor

Who performed the action (email)

IP Address

Where the action originated

Resource

What was affected

Status

Success or failure

Details

Additional context

Action Types

Configuration Changes

Action
Description

CONNECTION_CREATED

New HR or Graph connection added

CONNECTION_UPDATED

Connection settings modified

CONNECTION_DELETED

Connection removed

MAPPING_CREATED

New field mapping added

MAPPING_UPDATED

Field mapping modified

MAPPING_DELETED

Field mapping removed

SCHEDULE_CREATED

New sync schedule created

SCHEDULE_UPDATED

Schedule settings modified

SCHEDULE_DELETED

Schedule removed

SCHEDULE_PAUSED

Schedule paused

SCHEDULE_RESUMED

Schedule resumed

SETTINGS_UPDATED

System settings changed

User Management

Action
Description

USER_ACCESS_GRANTED

CloudSync access given to user

USER_ACCESS_REVOKED

CloudSync access removed

USER_ROLE_CHANGED

User's role modified

USER_EXCLUDED

Synced user excluded from sync

USER_INCLUDED

Excluded user re-included

Sync Operations

Action
Description

SYNC_MANUAL_TRIGGERED

Manual sync started

SYNC_CANCELLED

Running sync cancelled

SCOPE_UPDATED

Sync scope changed

Security Events

Action
Description

LOGIN_SUCCESS

User logged in

LOGIN_FAILURE

Failed login attempt

SESSION_EXPIRED

Session timed out

IP_BLOCKED

Access denied from blocked IP

Filtering Audit Logs

1

By Date Range

  • Click the Date Range picker

  • Select start and end dates

  • Logs filter automatically

2

By Action Type

  • Click the Action dropdown

  • Select action types to include

  • Multiple selections allowed

3

By Actor

  • Click the Actor field

  • Type email to search

  • Select the user

4

By Status

  • Click Status dropdown

  • Choose:

    • ✅ Success

    • ❌ Failure

    • All

Searching Audit Logs

Use the search bar for free-text search:

  • Search by email: jane.admin@company.com

  • Search by resource: Daily Sync

  • Search by action: CREATED

Searches match across all fields.

Exporting Audit Logs

For compliance and archival:

1

Apply filters

Set date range and any other filters for the data you need.

2

Click Export

  • Click Export (top right)

  • Choose format:

    • CSV — For spreadsheet analysis

    • PDF — For formal documentation

    • JSON — For system integration

3

Download

File downloads with all filtered entries.

Compliance-Ready Export

For audit requests, include:

  1. Full date range of audit period

  2. All action types (don't filter)

  3. PDF format with timestamps

  4. Save with audit request reference

What You Should See

Normal Activity

  • Regular login patterns

  • Scheduled configuration changes

  • Occasional manual sync triggers

Investigate Further

  • Multiple login failures

  • Changes outside business hours

  • Unexpected configuration changes

  • Access from unknown IPs

Security Concerns

  • LOGIN_FAILURE followed by LOGIN_SUCCESS (potential brute force)

  • SETTINGS_UPDATED by unknown actor

  • Access from unusual IP ranges

Common Tasks

1

Review Recent Changes

  • Set date range to last 7 days

  • Filter by configuration actions (*_CREATED, *_UPDATED, *_DELETED)

  • Review who made what changes

2

Investigate a Sync Issue

  • Set date range to when issue occurred

  • Filter by SYNC_* actions

  • Check for manual triggers or cancellations

  • Look for SCHEDULE_* changes

3

Prepare for Audit

  • Set date range for audit period

  • Remove all filters (include everything)

  • Export as PDF

  • Include summary cover page

4

Track Access Changes

  • Filter by USER_ACCESS_* and USER_ROLE_*

  • Review all access grants and revokes

  • Verify changes were authorized

Troubleshooting

"No logs found"
Cause
Solution

Date range too narrow

Expand the range

Filters too restrictive

Remove filters

No activity in period

Expected if no changes made

Can't find specific event
Try
How

Search by email

Type the actor's email

Broaden date range

Activity may be outside expected time

Check action type

Event may be logged differently than expected

Export fails
Cause
Solution

Too much data

Reduce date range

Timeout

Try smaller chunks

Format issue

Try different format

Audit Log Retention

Logs are retained based on your configuration:

Setting
Default
Configurable

Standard

90 days

Yes

Compliance

1 year

Yes

Custom

Varies

Yes

After retention period, logs are automatically deleted.

To change retention:

  1. Go to SettingsSystem

  2. Adjust Audit Log Retention

  3. Click Save

Next Steps

Related Topics

PreviousAdministrationNextSettings

Last updated