Audit Log

If you need to see what has been happening within dope.swg console, then go to the Audit Log. The Audit Log works as a log of actions that have occurred within an account over the last 30 days.

To view the Audit Log go to Settings -> Audit Log

Audit Log Actions

The Audit Log will report on the following dope.swg console events

Settings

Admin Management

New Admins
Admin Removal
Logins
Logout

User/Group Updates

Initial import — No. of users/groups added/removed
Delta import — No. of users/groups added/removed
Errors — update user/group fails e.g. authorization failure

Endpoint Configuration

Anti-uninstall password configured/changed
Fail closed ON/OFF

OIDC Configuration

OIDC Configuration enabled/disabled

Config update i.e. domains edited

Block Pages Updates

New custom page added/deleted/changed

Security Information and Event Management (SIEM) Integration

SIEM Integration enabled/disabled

Policy

Policy created/deleted/updated

Cloud App Control (CAC) Policy Updates

Application and Domain Bypass Updates

Policy Assignments

User/group assigned to a policy
Policy Clashes i.e. a user(s) associated with two groups assigned to different policies

Endpoint Manager

New endpoint registered with the dope.cloud
Endpoint uninstalled
Dormant endpoint deleted after 35 days
Admin enabled endpoint to Debug Mode
Admin disabled endpoint from Debug Mode

Analytics

Export to CSV

Audit Log Format

As well as recording the action, the log will record the admin responsible for the action and the timestamp for the action.

Audit Log Search

Search by action

You have the option of searching by email or by specific action. When selecting the search icon, different groups of actions will appear as a dropdown.

Select the type of Audit group action to search. On selection, a deeper breakdown of actions will be presented specific to the group.

For example, selecting the group Policy will result in the following Audit Log Actions to be presented:

Selecting the Action from the list will filter the Audit Log to show only these actions.

Search by time

On the left-hand side of the Audit Log, there’s a date widget showing the last 30 days.

Selecting a specific date will scroll the Audit Log’s position to that date, providing an easy way to jump to a date where an action of interest may have happened.

PreviousWhy not SAML & SCIM?NextSIEM Integration

Last updated 8 months ago