Understanding audit logs

Audit logs keep detailed records of key events in the system, and are designed so you can easily find what you are looking for when you need to know all the details about an event or series of events.

All logs are classified in 14 different categories, and each one keeps different parameters about the events it stores. By default, each log shows the most commonly used parameters, but you can customize the view to show additional parameters when available and hide the ones you are not interested in at that moment.

The email log search is the only one that has no selectable columns, but instead has several search fields to make it easier to find exactly what you need.

Let's explore what each of these categories can show us, as well as which columns each one has enabled by default and which ones we can enable when we need them:

  • Admin: This shows a record of all actions performed by the administrators of the domain:

  • Login: Here you can track each user login, including the IP address they logged in from, which is very useful for tracking locations and spotting suspicious logins or access from unauthorized locations:

  • SAML: Use this to track login and logout attempts to and from applications that use the Security Assertion Markup Language (SAML):

  • LDAP: The Lightweight Directory Access Protocol (LDAP) log will show you details related to applications that use that protocol to integrate with Cloud Identity or G Suite:

  • Drive: This will keep track of all actions performed using Google Drive within the domain. For example, you can use this to track the history of a file:

  • Calendar: This will keep track of all calendar events, errors, and operations that involved G Suite Calendar in this domain:

  • Devices: This will keep a log of activities performed on computers and mobile devices connected to your domain:

  • Token: With OAuth token logs, you can keep track of the domain users' access to third-party applications:

  • Groups: Use this when you need to track changes, memberships, and messages for groups in this domain:

  • Hangouts Chat: Used to track Hangouts Chat activity with members of the organization:

  • Google+: Use this to track how members of the organization are using Google+:

  • Hangouts Meet: This log keeps detailed information about the video conferences held in the organization:

  • Email Log Search: Since email logs can be very extensive, this log has no selectable columns and instead provides a search tool specifically designed to find emails. You can find messages by Date, Sender address, Sender IP, Recipient address, Recipient IP, Subject, or Message ID:

Being able to access the audit logs will prove very useful when you have an alert and need to find details about that or any other event.
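The review that the Login log supports can be sketched in Python as follows. This is an added example, not code from the book or from Google: the rows are constructed, and the column names, event names, and allowed network are assumptions rather than the console's actual export format. It goes slightly beyond the text by also flagging a successful login that follows repeated failures from the same address.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample rows; column and event names are assumptions for illustration.
SAMPLE_LOGIN_LOG = """\
date,user,event,ip_address
2019-03-01T08:02:11Z,alice@example.com,login_success,198.51.100.14
2019-03-01T08:05:40Z,bob@example.com,login_failure,203.0.113.77
2019-03-01T08:05:52Z,bob@example.com,login_failure,203.0.113.77
2019-03-01T08:06:03Z,bob@example.com,login_failure,203.0.113.77
2019-03-01T08:06:20Z,bob@example.com,login_success,203.0.113.77
2019-03-01T09:15:00Z,carol@example.com,login_success,198.51.100.200
2019-03-01T09:20:31Z,carol@example.com,login_success,192.0.2.45
"""

# Assumed corporate egress range (documentation address space, not a real network).
ALLOWED_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]
FAILURE_THRESHOLD = 3  # assumed number of failures that makes a later success notable


def is_allowed(ip_text):
    """True when the address falls inside one of the allowed networks."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in ALLOWED_NETWORKS)


def review_logins(csv_text):
    """Return (date, user, ip, reason) tuples for logins worth a closer look."""
    findings = []
    failures = defaultdict(int)  # (user, ip) -> failures since the last success
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["user"], row["ip_address"])
        if row["event"] == "login_failure":
            failures[key] += 1
            continue
        # Successful login: check where it came from and what preceded it.
        if not is_allowed(row["ip_address"]):
            findings.append((row["date"], *key, "outside_allowed_network"))
        if failures[key] >= FAILURE_THRESHOLD:
            findings.append((row["date"], *key, "success_after_repeated_failures"))
        failures[key] = 0
    return findings


if __name__ == "__main__":
    for finding in review_logins(SAMPLE_LOGIN_LOG):
        print(finding)
```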

Now that you know how to track events using the audit logs, let's make sure you become aware of them as fast as possible by learning how to manage alerts within G Suite in the next section.
