Audit Log

The audit log is a crucial investigative tool in the Intranet and records actions performed on a site by users across applications.

It maintains a historical record of changes or updates made, acting as a reference point to resolve support issues or assist investigations.

A certain timeframe (x days) of data remains searchable in the Intranet itself in Admin > Audit > View log, anything outside this timeframe is archived into a downloadable log instead.

The value of x will depend on the size of your user base, but commonly this is 30 days.
 

Not all Intranet actions are captured, if one is missing that you think is useful to have please let us know in a support ticket and we can investigate adding this in :)

 

Why is this useful?

When managing an Intranet situations can arise where it is important to know who performed a change and when.

The audit log can be searched (and its data downloaded) to obtain this information as well as answer other questions about applications generally to shed light on a situation.

e.g.

Did an action succeed or fail? 

Was an expected Infocapture notification sent?

Did a user view/edit/delete something?

Did users log in on a certain date?

 

Access

The audit log can only be accessed by Application Administrators.

They can be set by sysadmins of a site from Admin > System > Administrators, so if you are not already one your sysadmin can give you this status.

 

Reviewing the data

An application administrator can access the audit log via Applications > Admin > Audit

 

You will then be presented with the following options: 

 

Configure Audit

This area is used to set the timeframe (x days) before data will archive into logs rather than remain searchable in the Intranet.

You can also decide which applications to include in the log and set any scores against actions if you want to use the ranking system.

Generally, once this area has been set up it isn't regularly accessed or changed.
 


- Archived log timeframe

By default, this is set at 30 days. This means only the last 30 days of data are searchable in the Intranet itself, anything outside this has been archived into a downloadable log. 

This is important to remember when investigating research questions so you know whether to search in the system or in an archived log for the action you are interested in.

If your site has a large user base reducing this value is recommended so logs are archived more frequently.
 

 

- Decide which applications should be included in the log 

As standard all applications and their actions are included, click on each application to expand it and see its recorded actions.

If you find some are unnecessary or you do not wish to track them in the log, deselect them and save the page to apply.


Please note: If an action or application is not included it will NOT be captured and won't appear in the audit log to assist any related support investigations.

For smaller user bases (under 1,000 users) we would recommend having every application and action selected, with this set to be archived every 30 days.

For larger user bases, we would recommend including only the most important actions and/or a shorter archiving age e.g. every 2-5 days.


 

- Give certain intranet action points to encourage engagement 

Use the 'Rank Value' column to assign points to certain Intranet actions you want to see from your user base.

When users start gathering points any rank they achieve can be displayed on their profile.

For more details on configuring this - please visit the 'Configure Ranks' section of this article further down this page. 
 

 

 

View Logs 

This is where the last x days of information the log has recorded can be searched.

If you want to trace information about a recent action this is the first port of call.

The log filters can be set up to fulfil your research question and return only relevant data (rather than everything at once)

(For any action in the past and outside the searchable log age, you will instead need to search archived logs)
 


 

1. Select the date range you are interested in searching to filter the log (the site can only show x days' worth of information depending on the archiving age that has been set, for any query outside this you need to check the archived logs) 

2. Enter a username you are interested in to filter results to only include them (if applicable)

3. If known select the category and action you are interested in to filter the log to only these for easier searching. Leaving this as 'All items' will generate a log of every recorded action, which can sometimes be useful too.

4. A CSV file stores data in rows and the values in each row are separated with a separator, also known as a delimiter. Although the file is defined as Comma Separated Values, the delimiter could be anything. We recommend leaving this as a 'comma'.

5. Once you have set up all the filters to your liking, click this to generate the log and see the recorded actions listed.

6. For easy searching offline or for your records, download the log you created as a CSV file.

 

Example

I need to know who has logged in to the Intranet this morning:


 

I have set the 'from' date filter to only be from 7 am today onwards as that's the timeframe I am interested in.

I don't need to search by a specific user (unless I want to check for a certain person)

I have filtered the log to only include log-in data by setting the appropriate category and action.

After clicking 'View' the log has been generated and I can see who has logged in.

I can download the log to a CSV if necessary to search it quickly or for specific users.

 

Follow the above process for any audited action to answer your research questions.

As any administrator of the Audit log can perform searches, it is a really handy tool to use for investigations in the first instance as it offers more information about actions.

 


View Archived Logs 

This is where archived logs are stored and can be downloaded so their actions can be searched.

 An archived log will be created once x days are reached.

 

The date against each log represents when it was archived based on the x value.

For the default of 30 days archived logs content will be all actions 60 days before that date, as the latest 30 will remain searchable in the Intranet.

e.g. An archived log titled 2024-01-29 with an archiving date of 30 days will contain data from 30th November 2023 to 30th December 2023, with the latest 30 days (up to the present day in January 2024) remaining searchable in system.

This repeats every 30 days, with data archiving and the latest 30 days remaining searchable in system.

 

 

Configure Ranks

Create titles for users to achieve when they reach a certain number of points for performing Intranet actions.

The values of actions can be set in the Audit > Configure Audit area.

Whereas in this area (Audit > Configure Ranks) you can give those points titles to gain once the points threshold has been reached.

 

To display this on user profiles, ensure the 'User Rank' profile field is set to appear in the 'View My profile' area.

Ranks will pull through once achieved as below:

 

 

Created on 21 March 2024 by Hannah Door. Last modified on 19 July 2024

Was this helpful?  

Share
Search Knowledge Base