The Audit log keeps track of all the changes that take place under the Admin section of your service desk. On the other hand, all events related to individual ITIL modules, such as Tickets, Problems, Change, etc., will be tracked under the Activities section.

An audit log comes in handy when you're performing external/internal audits. They can be very helpful in case of a service desk incident as it helps you identify the person who is responsible for the incident. 

As of now, the Audit log keeps track of changes that take place in the following modules: 

  • Accounts 
  • Plans and billings
  • Agents

  • Requesters/Contacts

  • Agent Groups

  • Change (Change Lifecycle & Change Form Fields)

  • Sandbox

  • SLA Policies

  • Assume Identity

Note: The assumed identity action performed by the user will also be captured under the "Activities" section for tickets and changes.

Accessing Audit Log

  • To access Audit log, click on the Settings icon from the left sidebar and click on Audit Log under Account Settings.
  • If your account has more than one workspace:
    To modify global workflows, navigate to Admin > Global Settings > Account Settings > Audit Log.
    To modify workspace-level workflows, navigate to Admin > Workspace Settings > {Workspace Name} > Account Settings > Audit Log.

    If your account has more than one workspace, refer to the solution article on managing multiple workspaces to understand how the audit log would work.

  • Once you log in, you will see the logs of everything in relation to Accounts, Plans & billing, Agents, Requesters/Contacts, Agent Groups, Change, Sandbox, SLA policy and Assume Identity.

Applying filters

Since the page presents too much information, you can also filter the audit log based on your preference. You can filter audit logs based on a specific date range, by object type (Account, Plan & Billing, Group and Agent), or by the performer. 

To apply filters, 

  • Head to Audit Log and click on the funnel icon in the top right corner. 

  • Choose the date range for which you wish to view the audit log. 

  • Select the user under the "Performed by" category to narrow down the search to a specific agent. 

[The image highlights the filters part of the Audit Log in Freshservice]

  • Choose the Object type from What's changed? (Accounts, Plans & billing, Agents, Requesters/Contacts, Agent Groups, Changes, Sandbox, SLA policy, and Assume identity)

  • Once done, click Apply.

Is it possible to find who has created or removed an account in Freshservice?

If your account is in Grow, Pro or Enterprise plan you can navigate to the Admin --> Audit logs, and on the respective time frame you will be able to view who has performed the action along with the IP address.

You can also GET audit logs through API. Please refer to - Service Desk API for Developers | Freshservice