# Audit Log

If you need to see what has been happening within dope.swg console, then go to the Audit Log. The Audit Log works as a log of actions that have occurred within an account over the last 30 days.

To view the Audit Log go to Settings -> Audit Log

<figure><img src="/files/C9Iv1B48vFw6Pvrc9JIU" alt=""><figcaption></figcaption></figure>

## Audit Log Actions

The Audit Log will report on the following dope.swg console events

**Settings**

<details>

<summary>Admin Management</summary>

* New Admins
* Admin Removal
* Logins
* Logout

</details>

<details>

<summary>User/Group Updates</summary>

* Initial import — No. of users/groups added/removed
* Delta import — No. of users/groups added/removed
* Errors — update user/group fails e.g. authorization failure

</details>

<details>

<summary>Endpoint Configuration</summary>

* Anti-uninstall password configured/changed
* Fail closed ON/OFF

</details>

<details>

<summary>OIDC Configuration</summary>

* OIDC Configuration enabled/disabled
* Config update i.e. domains edited

</details>

<details>

<summary>Block Pages Updates</summary>

* New custom page added/deleted/changed

</details>

<details>

<summary>Security Information and Event Management (SIEM) Integration</summary>

* SIEM Integration enabled/disabled

</details>

<details>

<summary>Policy</summary>

* Policy created/deleted/updated

</details>

**Cloud App Control (CAC) Policy Updates**

**Application and Domain Bypass Updates**

<details>

<summary>Policy Assignments</summary>

* User/group assigned to a policy
* Policy Clashes i.e. a user(s) associated with two groups assigned to different policies

</details>

<details>

<summary><strong>Endpoint Manager</strong></summary>

* New endpoint registered with the dope.cloud
* Endpoint uninstalled
* Dormant endpoint deleted after 35 days
* Admin enabled endpoint to Debug Mode
* Admin disabled endpoint from Debug Mode

</details>

<details>

<summary><strong>Analytics</strong></summary>

* Export to CSV

</details>

## **Audit Log Format**

As well as recording the action, the log will record the admin responsible for the action and the timestamp for the action.

![Audit Log Example](/files/e4fq2uyLvTVke9Pn9LXH)

{% hint style="info" %}
Automatic actions are assigned to the user dope.cloud<img src="/files/2NL1kr0eIppdCjJPrd6y" alt="" data-size="original">
{% endhint %}

## Audit Log Search

### Search by action

You have the option of searching by email or by specific action. When selecting the search icon, different groups of actions will appear as a dropdown.

<figure><img src="/files/nNIPtgDPr9U4PBvtHqhI" alt=""><figcaption></figcaption></figure>

Select the type of Audit group action to search. On selection, a deeper breakdown of actions will be presented specific to the group.

For example, selecting the group Policy will result in the following Audit Log Actions to be presented:

<figure><img src="/files/5yoRetcLWLMnWflEKLF6" alt="" width="375"><figcaption></figcaption></figure>

Selecting the Action from the list will filter the Audit Log to show only these actions.

### Search by time

On the left-hand side of the Audit Log, there’s a date widget showing the last 30 days.

<figure><img src="/files/IYaagJ4X9jtIwaKQeA5V" alt=""><figcaption></figcaption></figure>

Selecting a specific date will scroll the Audit Log’s position to that date, providing an easy way to jump to a date where an action of interest may have happened.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://inflight.dope.security/dope.console/settings/audit-log.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.