Audit log maintains a list of all changes made under the Admin section of your service desk. Use Audit log to identify the trail of changes for reference during audits or service desk incidents. Events related to individual ITIL modules, such as Tickets, Problems, Change, etc., are tracked under Activities.



The Audit log keeps track of changes made to the following modules: 

  • Accounts 
  • Plans and billings
  • Agents
  • Requesters/Contacts
  • Agent Groups
  • Change (Change Lifecycle & Change Form Fields)
  • Sandbox
  • SLA Policies
  • Vendor Fields
  • Assume Identity
  • Credentials
  • Department and department fields
  • Orchestration Apps inside workflows 


The assumed identity action performed by the user will also be captured under the "Activities" section for tickets and changes.


Accessing Audit Log

Here's how you can access the audit log:

  1. Go to Admin > Account Settings > Audit Log. If your account has multiple workspaces, go to Admin Settings > Workspace Settings > {Workspace Name} > Account Settings > Audit Log. Learn more about multiple workspaces.


Audit log captures the following details for every entry:

  • Time: Date and Time when the change was made
  • What changed?: The module where the change was made
  • Action: The type of action that was made—Created/Updated
  • Performed by: The user who made the change
  • Details: Fields that were changed and the field values that were added or updated


Applying filters

Filter the audit log entries to narrow down to the incident of your interest. Use date ranges, object types (Account, Plan & Billing, Group and Agent), or the user to filter the entries. 


To apply filters:


  1. Click the funnel icon in the top right corner. 

  2. Choose the date range for which you wish to view the audit log. 

  3. Select the user under the "Performed by" category to narrow down the search to a specific agent. 


  4. Choose the Object type from What's changed? (Accounts, Plans & billing, Agents, Requesters/Contacts, Agent Groups, Changes, Sandbox, SLA policy, and Assume identity)

  5. Once done, click Apply.
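
The same three filters applied offline, followed by a review pass over the Assume Identity and Credentials modules, as an added example that is not Freshservice code. It assumes the entries have been copied into a CSV whose columns are the five documented fields; the CSV layout, the timestamp format, the sample rows and the choice of which modules count as sensitive are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample entries. The column names are the five documented fields;
# the CSV layout and timestamp format are assumptions, not a Freshservice format.
SAMPLE = """Time,What changed?,Action,Performed by,Details
2024-03-01 09:12,Agents,Created,alice@example.com,Agent bob@example.com added
2024-03-02 22:47,Assume Identity,Created,carol@example.com,Assumed identity of alice@example.com
2024-03-03 10:05,SLA Policies,Updated,alice@example.com,Resolution time changed
2024-03-03 23:30,Credentials,Updated,carol@example.com,Credential for app X updated
2024-03-09 08:00,Assume Identity,Created,dave@example.com,Assumed identity of bob@example.com
"""

# Modules from the documented list singled out for review (a choice made for this example).
SENSITIVE = {"Assume Identity", "Credentials"}

def load(text):
    """Parse the CSV text into dicts, converting Time to a datetime."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["Time"] = datetime.strptime(row["Time"], "%Y-%m-%d %H:%M")
    return rows

def apply_filters(rows, start=None, end=None, performed_by=None, object_types=None):
    """Same three filters as the UI: date range, Performed by, object type."""
    return [
        r for r in rows
        if (start is None or r["Time"] >= start)
        and (end is None or r["Time"] <= end)
        and (performed_by is None or r["Performed by"] == performed_by)
        and (object_types is None or r["What changed?"] in object_types)
    ]

def review_queue(rows):
    """Group entries for sensitive modules by the user who performed them."""
    queue = defaultdict(list)
    for r in sorted(rows, key=lambda r: r["Time"]):
        if r["What changed?"] in SENSITIVE:
            queue[r["Performed by"]].append((r["Time"], r["What changed?"], r["Details"]))
    return dict(queue)

if __name__ == "__main__":
    entries = load(SAMPLE)
    window = apply_filters(entries, start=datetime(2024, 3, 2), end=datetime(2024, 3, 4))
    for user, items in review_queue(window).items():
        for when, module, details in items:
            print(f"{when:%Y-%m-%d %H:%M}  {user}  {module}: {details}")
```
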


Frequently Asked Questions 


  1. Is it possible to find who has created or removed an account in Freshservice?
    If your account is on the Enterprise plan, navigate to Admin > Audit logs. For the relevant time frame, you can see who performed the action, along with the IP address.

  2. Why am I unable to view/find audit logs?
    Currently, audit logs are only available to enterprise customers, and only admins have access to them.

    You can also retrieve audit logs through the API. Refer to Service Desk API for Developers | Freshservice.

  3. Where do I go to see user login, profile creation and activity logs?
    In Audit Logs, Organization Admins can get a comprehensive report of all user and profile change activity. Some of the activities captured at the Organization level are User login, User created, User deleted, User upgraded, 2FA disabled/enabled and Security settings updated.

  4. What changes to an account are captured in Audit logs?
    Changes to the account's primary contact (first name, last name, email, phone), along with changes to the account name, invoice email, domain and account mode, are captured in audit logs.