Audit Logs
Audit Logs record activity and changes across your organization for security, compliance, and troubleshooting. Each entry captures who did what, to which record, and when — including the before/after values for updates.
Overview
The Audit Logs page lets you:
- Browse a paginated, time-ordered list of organization activity (newest first)
- Filter entries by action type, entity type, and date range
- Open any entry to see the full change detail, including before/after values
- See the acting user (or System for automated actions), the source IP address, and the browser user agent
Navigate to Audit Logs
Go to Admin → Audit Logs (/admin/audit-logs). This page is restricted to the Owner and Admin roles. Other roles receive a permission error.
Reading the log list
The log table shows the following columns:
| Column | Description |
|---|---|
| Timestamp | Relative time (e.g. "2 hours ago") plus the time of day |
| User | The person who performed the action (name and email), or System for automated/background actions |
| Action | The action performed, shown as a colored badge with an icon |
| Entity | The record type affected (e.g. Ticket, Client), with the record's name when available |
| IP Address | The source IP of the request, when recorded |
| Actions | A Details button that opens the full entry |
The card header shows the total number of matching entries, and pagination controls (Previous / Next) appear below the table when there is more than one page.
Filtering
Filters appear above the table. Adjusting any filter resets the list to the first page.
| Filter | Options |
|---|---|
| Action Type | All Actions, Create, Update, Delete, Login, Logout |
| Entity Type | All Types, Client, Contact, Ticket, Invoice, Asset, User, Organization, Integration |
| Start Date | Earliest date to include |
| End Date | Latest date to include |
Use Clear Filters to reset all filters at once. The current filters are kept in the page URL, so a filtered view can be bookmarked or shared with another admin.
Action types
Each entry has an action. The most common actions appear with a dedicated badge:
| Action | Meaning |
|---|---|
| Create | A record was created |
| Update | A record was modified |
| Delete | A record was removed |
| Login | A user signed in |
| Logout | A user signed out |
| View | A record was accessed |
| Sync | Data was synchronized (e.g. an integration) |
Other action values are also recorded by the system — including archive, restore, failed login, export, import, access, and permission changes — and display with a generic badge using the raw action name.
Entity details
The Entity column identifies the type of record an action affected. Audit entries can reference many record types, including clients, contacts, tickets, invoices, assets, users, the organization itself, integrations, contracts, projects, documents, domains, certificates, credentials, software, vendors, locations, networks, products, tags, racks, quotes, and opportunities. When the affected record still exists, its name (or number, for invoices and quotes) is shown; otherwise the entry shows a shortened record ID.
Entry detail view
Click Details on any row to open the full entry. The detail dialog shows:
| Field | Description |
|---|---|
| Timestamp | The exact date and time of the action |
| Action | The action badge |
| Entity | The affected record's type and name (or ID) |
| User | The acting user's name and email, or System |
| IP Address | Source IP, when recorded |
| User Agent | The browser/client string, when recorded |
| Changes | A field-by-field Before / After comparison for the action |
The Changes section only lists fields whose values actually changed. Sensitive fields — such as passwords, MFA secrets, API keys, and encrypted values — are redacted (shown as [REDACTED]) when an entry is recorded, and binary data is replaced with [BINARY DATA], so these values are not exposed in the before/after comparison.
What gets logged
Audit entries are written automatically as actions occur throughout the application. They are not editable, and there is no way to delete individual entries from this page. Background and integration processes (for example, email sync) are attributed to System rather than a specific user.
Tips
- Combine the Action Type and Entity Type filters with a date range to narrow an investigation quickly — for example, Delete actions on Ticket records within a specific week.
- Use the Details view to confirm exactly which fields changed during an Update, rather than relying on the list alone.
- Because filter state lives in the URL, you can save a frequently used filtered view as a browser bookmark.
- If a record's name is missing in the Entity column, the underlying record has likely been deleted; the entry still preserves the change history.