Audit Log

Doug Chanin
Doug Chanin
  • Updated

Topic

This article explains how to use audit logs in NinjaOne SaaS Backup.

Environment

NinjaOne SaaS Backup End-User portal

Description

An audit log is a chronological record that provides security-relevant evidence of activities and events that occur in NinjaOne SaaS Backup. Audit logs serve as a documentary record of all actions. These logs allow you to monitor, review, and investigate activities as needed.

NinjaOne SaaS Backup retains Audit logs indefinitely. You can access all historical logs without limitation to ensure your organization meets compliance requirements.

NinjaOne SaaS Backup records audit logs in real time and will display all recorded log data up to the previous day.

Logged Activities and Access Control

The audit log shows many key activities within a subscription. Each log entry includes the following information:

  • The timestamp for the activity.
  • The user who performed the activity.
  • The activity that the user performed.
  • The objects involved in the activity.
  • The IP address and location of the user who initiated the activity.

The audit log includes the following categories:

  • Messages and File Audit Log Records
    • Activities related to messages or files, such as downloading, restoring, or migrating data.
  • User Activity Log Records
    • User-initiated activities, such as adding an email account or creating a retention policy.
  • System Activity Log Records
    • System-generated notifications.

Audit Log Page Overview

How you access the Audit Log page depends on your plan:

  • Backup plan users will have an Audit Log link in the main navigation menu.
  • Archive plan users must navigate to Compliance Audit Log

There are two main tabs on the Audit Log page, each with different functionality:

  • Search Log Tab
    • The Search Log tab allows you to search and review audit log activity based on the selected activity type, date range, user, object name, or archive ID.
    • You can download audit log data directly from the main Audit Log page without running a search first. If you apply search filters, the download option remains available in the search results, allowing you to export the filtered audit log data as needed.
Fig1.png
Figure 1: Search Log tab (click to enlarge)
  • Download List Tab
    • The Download List tab shows all generated audit log export requests, including the selected date range, activity log type, start time, elapsed time, download link status, and export progress. From this page, you can download completed audit log files, view split download parts for large exports, copy the checksum, and check whether an export is queued, running, completed, or expired.
Fig2.png
Figure 2: Download List tab (click to enlarge)

Audit Log Download

To download an Audit log, navigate to the Audit Log Download List page in the NinjaOne SaaS Backup End User Portal, then select the available download link in the Download Links column.

fig3.png
Figure 3: Download Links (click to enlarge)

When an export spans multiple months, the download dialog shows each month as a separate file. You can download completed monthly files as soon as they are ready without waiting for the full export request to complete, or download all files together as a .ZIP file once NinjaOne SaaS Backup has finished the entire export.

fig4.png
Figure 4: Download files (click to enlarge)
Your download will be split into multiple download links if the activity log exceeds 100,000 logs or if the selected date range covers more than one month. For example, if you export activity logs from January 2026 to March 2026, the download links will be grouped by month. If January contains more than 100,000 logs, the January download may be split into multiple parts (such as January 2026 part 1, January 2026 part 2 ).

The generated download link is available for 96 hours. After the link expires, you’ll need to generate a new audit log export to download the data again.

Archive ID

The Archive ID is a unique identifier for each email, allowing the message to be uniquely identified. You can use the Archive ID as an additional search criterion in the Audit log, Advanced Search, or on the eDiscovery page to locate a specific email.

You can find the Archive ID from:

  • Email details in the advanced search or eDiscovery search results
  • In the view message page
  • In the email audit log, the results are in the Object Name.

How to Search Audit Logs

To search the audit log, follow these steps:

  1. From the Audit Log page on the NinjaOneSaaS Backup End-User Portal, click the Search Log tab.
  2. Choose one of the Activity Categories. You can perform a more specific search by checking the items that match your needs.
  3. Click above the Activity Categories selection. NinjaOne SaaS Backup will display a list of available actions. Select one or more actions as needed.
You cannot mix actions from different activity categories in a single search.
  1. Fill in the available fields. Make sure to specify the date range. Each activity category has different fields; you don't need to fill out the optional fields.
  2. Click Search to complete the audit log search.

How to Download Audit Logs

You can download the Audit log file as a CSV file. To download the Audit log, follow these steps:

  1. Click Download to start the download. NinjaOne SaaS Backup will generate a link and add it to your Download list menu.
  2. NinjaOne SaaS Backup will display the download link once the file is ready. You can check the download link on the Download List tab on the Audit Log page. Click the provided link to download the logs.
The audit log download link will expire in 24 hours.

Audit Log in Backup vs Archiver SKUs

The Audit Log feature in the Backup SKU is more limited compared to the Archiver SKU. Here is a summary of the differences:

Aspect Backup SKU Archiver SKU
Location Audit Log link in the main navigation bar ComplianceAudit Log
Available logs All logs except those related to compliance All logs
Role accessibility Owner and Full admin. Owner, Full admin, Compliance and Review Officer, and Data Protection Officer

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request