Skip to main content

Who is this article for?

Incydr
Code42 for Enterprise
CrashPlan for Enterprise
CrashPlan for Small Business

Incydr, yes.

CrashPlan for Enterprise, yes.

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

HOME
GETTING STARTED
RELEASE NOTES
FAQS
SYSTEM STATUS
Code42 Support

View Audit Log events in the Code42 console

Who is this article for?

Incydr
Code42 for Enterprise
CrashPlan for Enterprise
CrashPlan for Small Business

Incydr, yes.

CrashPlan for Enterprise, yes.

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

Overview

This tutorial explains how to search Audit Log events in the Code42 console. The Code42 Audit Log is a record that shows who did what and when in the Code42 environment. 

See these other articles for more information about the Audit Log:

Considerations

  • The Audit Log is in early access Early access icon. While in early access, the Audit Log is limited to Forensic Search events. If there are no events in the Audit Log during early access, either your product plan does not include Forensic Search, or no searches have been made in the last 90 days.
  • You must have the Customer Cloud Admin role to work with the Audit Log.
  • The Audit Log records events for only the last 90 days. If you want to maintain Audit Log output for longer than that time, you can export the results and store them in your own systems.
  • While there is no limit to the number of events recorded in Audit Log, the maximum number of events that can be exported at once is 10,000. You can filter events to reduce the number below 10,000. To export a set of results greater than 10,000, adjust your filters to reduce the number in any given call to be below 10,000, then make multiple calls to export the entire set of events.

Access the Audit Log

  1. Sign in to the Code42 console.
  2. Go to Reporting > Audit Log.

Filter Audit Log events

  1. Click Filter Filter icon.
  2. (Optional) Enter the Code42 Username to show events associated with a specific Code42 username. Use commas to separate multiple usernames. 
  3. Select the Date Range to show events for the last day, 7 days, or 30 days. Alternatively, select Custom to enter start and end dates. 
  4. Select an Event Type. (For early access, the default is All Events.)
  5. (Optional) Enter an IP address to show events by a specific public IP address involved in the event. Use commas to separate multiple IP addresses.
  6. Click Apply.
    Events are filtered. The filters display above the events list.

Export Audit Log events to CSV

Click Export Export icon to export the filtered events listed in the Audit Log to a comma-separated values (CSV) file. Any filters that are applied are shown above the Audit Log list. Click the X on a filter to remove that filter from the exported results.

For directions to export to CEF, CSV, or JSON format with the Code42 API, see Search Audit Log events with the Code42 API.

View event details

  1. Click View details Details_icon.png to see the event details
  2. (Optional) Click View profile in the Username details to open the User Profile in a new browser tab. 
  • Was this article helpful?