Audit Trail Search

The Audit Trail Search will only be accessible to administrators.  An administrator can access the Audit Trail Search from the Organisation menu

Ensure you have the correct organisation selected if you administer multiple organisations (3)

Advanced Search Features

By default a search bar will allow a phrase to be added which will search across the Events, Detail and User Name fields.

An administrator can then also chose to use the advanced search to apply more specific search criteria.

Using the advanced search criteria the administrator user can:

Date within - allows a period of time and a date in the centre to be applied. This creates a date range.  If the date selected is 14th December and the range is 1 week then the date range searched for is 7th December - 21st December inclusive.

Event - this will be across the defined list of options.  

Detail - this should be free text. It might be used to find a specific entry that was made.

User Name - if a user is under investigation then this will be used to search for their activity.  This should match on the User ID, user Full Name and Email Addresses to locate the relevant user to search on.

Source - a short dropdown list of the options from the above table.

Descriptions for the different entries

Event Group Event Description
Organisation Events Update organisation settings Review the changes of organisation settings
Update organisation details Review the changes of organisation details
Add/ Remove domain Review the changes of adding/ removing domain
Change VAR status Review the changes of VAR status
Add new organisation Review the changes of adding new organisation
Change organisation whitelist Review the changes of organisation whitelist
User Events Add user to organisation Review the changes of adding new user to the organisation
Update user details Review the changes of user details
User login Review the records of user login
User login failed Review the records of user login failed
User logout Review the records of user logout
Change password Review the records of changing password
Login failed - User unknown Review the records of unknown user login failed
Password reset successful via email Review the records of resetting password via email
Password reset request via email Review the records of resetting password request via email
First email setup Review the records of first email setup
Change user whitelist Review the changes of user whitelist
API access token created Review the records of creating API access token
API access token deleted Review the records of deleting API access token
Login locked out Review the records of login locked out
Archive Events Flag email as spam Review the records of flagging email as spam
Spam email release Review the records of releasing spam emails
Archive search Review the records of archive search
View email Review the records of viewing email
Download email Review the records of downloading email

Audit Trail Search Results

Audit Trail Detail View

Each cell will contain a complete record.  Left hand side ‘before’ and right hand side ‘after’ the change.  This way each row will be a new entry.  If there’s only one record then it’s just one row.

Sharing Log Details

If you are investigating when a change was made and you wish to share the Audit Trail Detail with another Mailsphere administrator, you can simply copy and paste the URL and they will be able to view the data you have located.