Topic
This article explains how to use audit logs in NinjaOne SaaS Backup.
Environment
NinjaOne SaaS Backup End-User portal
Description
An audit log is a chronological record that provides security-relevant evidence of activities and events that occur in NinjaOne SaaS Backup. Audit logs serve as a documentary record of all actions. These logs allow you to monitor, review, and investigate activities as needed.
Audit logs are retained indefinitely. You can access all historical logs without limitation to ensure your organization meets compliance requirements.
Logged Activities and Access Control
The audit log shows many key activities within a subscription. Each log entry includes the following information:
- The timestamp for the activity.
- The user who performed the activity.
- The activity that the user performed.
- The objects involved in the activity.
- The IP address and location of the user who initiated the activity.
The audit log includes the following categories:
-
Messages and File Audit Log Records
- Activities related to messages or files, such as downloading, restoring, or migrating data.
-
User Activity Log Records
- User-initiated activities, such as adding an email account or creating a retention policy.
-
System Activity Log Records
- System-generated notifications.
Audit Log Page Overview
How you access the Audit Log page depends on your plan:
- Backup plan users will have an Audit Log link in the main navigation menu.
- Archive plan users must navigate to Compliance → Audit Log
There are two main tabs on the Audit Log page, each with different functionality:
-
Search Log Tab
- On this tab, you can search audit logs by various activities, including messages and files, users, and system activities.
-
Download List Tab
- This tab contains links for exporting data.
Archive ID
The Archive ID is a unique identifier for each email, allowing the message to be uniquely identified. You can use the Archive ID as an additional search criterion in the Audit log, Advanced Search, or on the eDiscovery page to locate a specific email.
You can find the Archive ID from:
- Email details in the advanced search or eDiscovery search results
- In the view message page
- In the email audit log, the results are in the Object Name.
How to Search Audit Logs
To search the audit log, follow these steps:
- From the Audit Log page on the NinjaOneSaaS Backup End-User Portal, click the Search Log tab.
- Choose one of the Activity Categories. You can perform a more specific search by checking the items that match your needs.
- Click above the Activity Categories selection. NinjaOne SaaS Backup will display a list of available actions. Select one or more actions as needed.
- Fill in the available fields. Make sure to specify the date range. Each activity category has different fields; you don't need to fill out the optional fields.
- Click Search to complete the audit log search.
How to Download Audit Logs
You can download the Audit log file as a CSV file. To download the Audit log, follow these steps:
- Click Download to begin the download process. NinjaOne SaaS Backup will generate a link and add it to your Download list menu.
- NinjaOne SaaS Backup will display the download link once the file is ready. You can check the download link on the Download List tab on the Audit Log page. Click the provided link to download the logs.
Audit Log in Backup vs Archiver SKUs
The Audit Log feature in the Backup SKU is more limited compared to the Archiver SKU. Here is a summary of the differences:
| Aspect | Backup SKU | Archiver SKU |
|---|---|---|
| Location | Audit Log link in main navigation bar | Compliance → Audit Log |
| Available logs | All logs except those related to compliance | All logs |
| Role accessibility | Owner and Full admin. | Owner, Full admin,Compliance and Review Officer, and Data Protection Officer |