The Audit Trail functionality allows you as a Superadmin to keep track of the administrative actions performed in the platform and helps you allocate specific accountability with regard to regulatory compliance requirements.
An audit trail (also called audit log) is an immutable record that keeps track of administrative actions performed in the system (the platform), such as important changes to course completion, enrollment status and many others. The audit trail provides evidence of a sequence of activities that have affected specific operations, procedures, or events, and it is useful when you need to allocate the appropriate accountability in case of incidents, specifically pertaining to regulatory compliance.
Use Case Scenarios
The Audit Trail functionality opens various opportunities, such as:
- Have complete control over your learning activities. If you have more than one administrator in charge of your learning platform, you may encounter common issues, such as “who deleted this user?” or “who updated this item?”. The Audit Trail functionality solves these issues by keeping track of all relevant data and giving you the information you need to be aware of who is responsible for the information that lies within your learning platform.
- Make regulatory compliance easier. Depending on where you are in the world, there will likely be a number of regulations that will require you to track specific data related to the events that have occurred within your learning platform, ensuring the accuracy and trustworthiness of the certifications data your platform provides.
Managing the Audit Trail
To manage the Audit Trail area, access the platform as the Superadmin, reach the Admin Menu from the gear icon in the top right corner of the page, then, select the Audit Trail option in the Settings section.
Remember that only Superadmins are in charge of managing audit logs, while Power Users cannot manage the Audit Trail area.
This is the main page of the Audit Trail management, listing in the table of the page all of the actions performed in the system in the last seven days. All actions performed in the last seven days (this is the default time frame, but you can edit it using the filters panel) are shown in the list on this page. Every row shows the action’s timestamp, info about who performed the action, the event type (what the action is about), info about its target and the IP address of the user who performed the action.
Please note that you will see more than one IP address because the IP column is populated with the X-Forwarded-For (XFF) HTTP header, which identifies the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.
In the Timestamp column, you can see an indication of the time zone. In the Operated by (ID) and the Operated by columns you will see the ID and the administrative user or object who performed the specified action, while in the Target (ID) and Target columns you will view the ID and the user or object that was the target of the action.
For example, for the event User has been created (by administrator), the ID and the username of the administrative user who created the user will be displayed in the Operated by (ID) and the Operated by columns, while the ID and the username of the created user will be displayed in the Target (ID) and Target columns.
In the Event column you will view the name of the event. You can also filter by event in the filters panel. Learn more in the next chapters.
If you want to know more about a specific action, click the ellipsis icon on the right side of the action row in the table, then select the View Log Details option.
Filtering the Audit Trail Data
By pressing the filters icon, you can select a few filtering options for the audit log. In the Quick Filters tab of the slideout panel, set a time frame to filter by date the events that will be shown in your audit trail (and export). Remember the following notes about the time frame:
- The last seven days' time frame is the default for the filter, so if you don’t set any specific dates, only the actions performed in the last seven days will be shown in your audit log.
- The last seven days’ time frame starts exactly seven days before the moment when you are accessing the Audit Trail functionality (at the same time of the day). For example, if you access the audit log in your platform on January 8th at 9 am, the last seven days’ time frame covered starts on January 1st at 9 am and ends on Jan 8th at 9 am (that is when you access the functionality).
- In order to avoid slowing down data extraction, the time frame cannot be longer than 90 days.
Then, in the sections below in the panel, flag all of the events (grouped by event categories such as Course Events, User Management Events, and many others) that you want to be included in your audit trail. Once set the time frame and selected the events you want to track, press the Apply Filters button at the bottom of the panel.
Please note that once an event you included in the audit trail takes place, it may be available in the export up to five minutes after it occurred
In the Advanced Filters tab of the slideout panel, press the Add Filter button to add a filter. You can add the following advanced filters: Operated by (ID), Operated by, Target (ID), Target and IP. Once you’ve added filters, the table will automatically refresh using the applied filters.
Please note that if you set two or more filters of the same type — for example, Target=A and Target=B — the table will show all the actions with target A and all the actions with target B. If you set two or more filters of different types — for example, Target=B and Operated by=C— the table will show all of the actions with target B that have been performed (operated by) by C. So, by setting filters of different types, an action is displayed in the table only if it meets at the same time all of the conditions set. Here is another example: if you set all three filters mentioned above — Target=A, Target=B and Operated by=C— the table will show all of the actions with target A that have been performed (operated by) by C and will show all of the actions with target B that have been performed (operated by) by C.
Events for the Audit Trail
When selecting the events that you want to include in the audit log, you will browse among different event categories:
- Course. Data regarding creation, updates and deletion of courses, sessions, training material, etc.
- Learning Plan. Data regarding creation, update and deletion of learning plans.
- Custom Reports. Data related to the custom reports created and managed in the platform.
- User Management. Data related to user creation, deletion and management.
- Enrollments. Data regarding the courses where users have been enrolled or unenrolled.
- E-Commerce. Data related to the E-Commerce app.
- Terms & Conditions. Data regarding the platform's Terms & Conditions.
For a full list of events that can be used in the audit trail, refer here. Please note that some of the events are not yet available in the new Audit Trail functionality, but we are working to make available all of the events into the new Audit Trail and you’ll find all of them in a couple of months.
Exporting Your Audit Trail
You can export your audit trail in CSV (Comma Separated Values). To do so, press the Export icon in the top right corner of the Audit Trail page.
Please note that once an event takes place, it may be available in the export up to five minutes after it occurred
Tips & Tricks
- Before setting the filters, gather all the info you need (for example the date and time an event took place, who performed the action…) to be able to perform a research as detailed as possible. Then, set the filters to search the data you need.
- Make the most out of the filters at your disposal: your research will be more efficient and more focused.
- You should refrain from including all of the events when filtering your audit trail. It’s better to have a single audit trail for each event category and limit the time frame in order to ease readability and use of the log itself.