The Audit log keeps track of all the changes that take place under the Admin section of your service desk. On the other hand, all events related to individual ITIL modules, such as Tickets, Problems, Change, etc., will be tracked under the Activities section.


An audit log comes in handy when you're performing external or internal audits. It can also be very helpful in case of a service desk incident, as it helps you identify the person who is responsible for the incident.


As of now, the Audit log keeps track of the following changes:

  • Accounts
  • Plans and billings
  • Agents
  • Requesters/Contacts
  • Agent Groups
  • Change (Change Lifecycle & Change Form Fields)
  • Sandbox
  • SLA Policies
  • Assume Identity
  • Credentials
  • Department and department fields
  • Orchestration Apps inside workflows


Note: The assumed identity action performed by the user will also be captured under the "Activities" section for tickets and changes.


Accessing Audit Log


  • To access the Audit log, click the Settings icon in the left sidebar, then click Audit Log under Account Settings.
  • If your account has more than one workspace:
    To modify global workflows, navigate to Admin > Global Settings > Account Settings > Audit Log.
    To modify workspace-level workflows, navigate to Admin > Workspace Settings > {Workspace Name} > Account Settings > Audit Log.

    If your account has more than one workspace, refer to the solution article on managing multiple workspaces to understand how the audit log would work.


  • Once you log in, you will see the logs of everything in relation to Accounts, Plans & billing, Agents, Requesters/Contacts, Agent Groups, Change, Sandbox, SLA policy and Assume Identity.




Applying filters


Because the page presents a lot of information, you can filter the audit log to narrow it down. You can filter audit logs by a specific date range, by object type (Account, Plan & Billing, Group and Agent), or by the performer.


To apply filters:


  • Head to Audit Log and click on the funnel icon in the top right corner. 

  • Choose the date range for which you wish to view the audit log. 

  • Select the user under the "Performed by" category to narrow down the search to a specific agent. 


[The image highlights the filters part of the Audit Log in Freshservice]



  • Choose the Object type from What's changed? (Accounts, Plans & billing, Agents, Requesters/Contacts, Agent Groups, Changes, Sandbox, SLA policy, and Assume identity)

  • Once done, click Apply.


FAQ


1. Is it possible to find who has created or removed an account in Freshservice?


If your account is on the Enterprise plan, navigate to Admin > Audit logs. For the respective time frame, you will be able to view who performed the action, along with the IP address.


2. Why am I unable to view/find audit logs?


Currently, audit logs are only available to enterprise customers, and only admins have access to them.


You can also GET audit logs through the API. Please refer to Service Desk API for Developers | Freshservice.


3. Where do I go to see user login, profile creation and activity logs?


In Audit Logs, Organization Admins can get a comprehensive report of all user and profile change activity. 


Some of the activities captured at the Organization level are User login, User created, User deleted, User upgraded, 2FA disabled/enabled and Security settings updated.

4. What changes to an account are captured in Audit logs?


Changes to the account's primary contact, such as first name, last name, email and phone, along with changes to the account name, invoice email, domain and account mode, are captured in audit logs.