> ## Documentation Index
> Fetch the complete documentation index at: https://hc.saas-manager.biz.nuro.jp/llms.txt
> Use this file to discover all available pages before exploring further.

# How to Use Audit Logs

> The audit log records operations performed in the service, including important actions and changes executed within the system.

## About Audit Logs

The audit log records operations performed in the service. This includes important actions and changes executed within the system.

Note that detailed change histories for data are not included in this log.

The log tracks actions performed by users and the system, and it is used for security audits and compliance purposes. It records not only user actions but also system operations (such as automatic sync) and API calls.

For operations performed on connected SaaS services, refer to the Integration Log in the Integrations menu.

## How to Retrieve Audit Logs

You can retrieve audit logs in the following ways:

1. Settings menu > Audit Log tab
2. Export as a CSV file with specified conditions

<img src="https://mintcdn.com/admina-sbn/SGaLkLAYjRKTTbC4/images/it-management/3kr059fq2z/1781522908010-2026-06-15-20-28-19.png?fit=max&auto=format&n=SGaLkLAYjRKTTbC4&q=85&s=a66e5626a0b71c2ab32bd1f6c1401759" alt="Audit Log tab in Settings, showing filters for date range, actor, and category before exporting as CSV" width="2214" height="682" data-path="images/it-management/3kr059fq2z/1781522908010-2026-06-15-20-28-19.png" />

## Log Retention Period

This audit log is recorded as an operation log for both customers and our company.

Logs are retained for a period of three years.

## Types of Audit Logs

The audit log primarily stores records of write operations. Read-only actions (such as viewing a page) are not included.

Data exports are included.

Audit logs are classified into the following categories:

| Category          | Example Operations                                                                                                                              |
| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
| Device-related    | Create, update, or delete devices<br />Create, update, or delete device usage history<br />Create, update, or delete device custom fields, etc. |
| Service-related   | Create or delete service accounts<br />Create, update, or delete workspaces<br />Sync workspaces, etc.                                          |
| Directory-related | Create, update, or delete directories<br />Merge or separate accounts<br />Create, update, or delete custom fields, etc.                        |
| Contract-related  | Create, update, or delete service contracts<br />Create, update, or delete reminders, etc.                                                      |
| Other             | Manage file permissions<br />Manage API keys<br />Manage SAML settings<br />Login history, etc.                                                 |

## Reading the Exported Data (CSV)

### Standard Columns

Basic information included in all audit logs:

| Field Name       | Description                                                     |
| ---------------- | --------------------------------------------------------------- |
| actorType        | The type of actor that performed the action (user, system, api) |
| actorName        | The name of the user who performed the action                   |
| description      | The content of the action                                       |
| actionTime (UTC) | The time the action was performed (UTC)                         |
| result           | The result of the action (Success/Failure)                      |
| resultReason     | The reason for failure, if applicable                           |
| category         | The category of the action                                      |
| activity         | The specific action performed                                   |
| ipAddress        | The IP address from which the action originated                 |
| userAgent        | The user agent from which the action originated                 |

### Additional Columns

Depending on the type of action, the following additional columns may appear:

* For device-related actions
  * device ID / device Name: information about the target device
  * deviceHistory ID / deviceHistory Name: information about device usage history
  * deviceCustomField ID / deviceCustomField Name: information about custom fields, etc.

* For service-related actions
  * service ID / service Name: information about the target service
  * serviceAccount ID / serviceAccount Name: information about the service account
  * workspace ID / workspace Name: information about the workspace, etc.

* For directory-related actions
  * identity ID / identity Name: information about the directory
  * people ID / people Name: information about the account
  * identityCustomField ID / identityCustomField Name: information about custom fields, etc.

And so on.

* If a single action involves multiple targets, additional columns are added for each target.

<Info>
  When you export multiple categories or actions into a single file, additional columns are appended to the right.
</Info>

### Sample Data

The following is sample data:

<img src="https://mintcdn.com/admina-sbn/Bxo9DSzXAQtG_Fol/images/it-management/3kr059fq2z/cs-20250321-002453-2-x.png?fit=max&auto=format&n=Bxo9DSzXAQtG_Fol&q=85&s=dd13277a0e8cba5bc72bfe48466f5620" alt="Screenshot of sample data" width="3108" height="542" data-path="images/it-management/3kr059fq2z/cs-20250321-002453-2-x.png" />
