Audit Logger is an Admin-only tool enabling these power users to easily track activity in their community from a centralized location.
- It automatically logs various user- and Admin-related actions that occur in the community.
- Audit Logger also tracks Admin activity when spoofing users.
- It logs 30 days of activity for non-Enterprise customers and 60 days of activity for Enterprise customers.
Before we begin…
- Audit Logger replaces DBLogger, which has been moved to the Maintenance stage of the Product Life Cycle.
- Audit Logger does not replace Change Log (Change Log has specific functionality that Audit Logger does not).
Access Audit Logger
- Access the Dashboard.
- Navigate to Settings > Technical > Audit Log.
View and filter audit logs
The Audit Logs page lists the last 30 to 60 days of activity (non-Enterprise and Enterprise customers, respectively), ordered from most recent.
The Action, Member, and Date columns provide their associated information, so you can track the exact activity, the user or Admin who performed it, and the exact date/time it occurred.
You can view additional details about each listed log via its arrow icon; click this icon to show/hide its associated details. In the example below, we can see what specific permission the user was missing.
Use the page selector at the top right to navigate the available pages:
- Click the < and > icons to navigate back and forward one page at a time.
- Click the →| icon to jump to a specific page (e.g., page 8 of 15).
Use the filters on the right side of the page to filter logs by user, action, date, and/or only spoofed actions.
List of logged activities
The full list of logged activities is provided below.
Sign In
- User sign ins
- User sign-in failed (the reason is shown in the details):
- Invalid password
- User not found with that email or username
- User is banned
- User lacks the sign in permission for their Role
Password Reset
- Password reset email sent (triggered by user themselves or in the Dashboard)
- User successfully reset their password
- User failed to reset their password (invalid reset code) - Reproduce by triggering password reset twice in a row
- User failed to reset their password (reset code expired)
Users
- User registered
- Admin created user in Dashboard
- User updates their own profile fields (changes displayed in log details)
- Admin updates user profile fields (changes displayed in log details)
- Other profile values updated
- User Roles are modified (additions and removals detailed)
- User is banned or unbanned
- User is jailed or unjailed
- User spoofs another user
Posts
- Comment or discussion is deleted
- Comment or discussion is modified
Roles
- Role is created, updated (including permission changes), or deleted
- When a Role is deleted, the number of affected users is part of the logged message
Dashboard Access
- User accesses a Dashboard page
- API requests on that page are part of the log details
Access Denied
- User tries to access a page they are not authorized to access
- The missing permission is provided in the log details
Site Configuration
- Addon is enabled / disabled
- Updating any settings on the SEO & Branding page
- Changes made in the Settings section of the Dashboard (e.g., Role settings, Category settings, Reaction settings, etc.)
- Create, update, delete, apply style guides (i.e., Themes)
- Create, update, delete, apply a custom layout
- ⚠️ The following Dashboard setting changes are not logged:
- Ranks
- CRUD - profile field from the profile fields settings
- OAuth & SAML settings
- Search connectors
- Ban Rules
- Automation rules
SSO
When a user connects over SSO, various debug information is written to Audit Logger.
Spoof
- VFSpoof and regular spoof are both clearly indicated in the logs.
📝 NOTE: VFSpoof is how Vanilla staff sign into a customer site. When a user account has been spoofed, the Admin who spoofed is shown.
