The Audit Log's Admin console page summarizes how your administrators are managing your account's key Google Apps services. Before you begin, make sure you have setup the Admin console audit log and understand the audit log's parameters.
Each log entry describes an administrator's Admin console activity including the event's date and the administrator's IP address.
- Event Name — Identifies the Google Apps service or Admin console feature an administrator has changed. Some examples of possible events are adding a group to the account or deleting a user.
- Event Description — Gives a brief description of what has changed. For example when a new group is created, the description has the new group's email address. Another example is the Toggle OAuth access. This example's description tells you whether a domain's OAuth access is on or off.
- User — Identifies the administrator who has done the account change event.
- IP Address — Identifies the internet protocol address (IP address) used by the administrator for this event. This is the IP address the administrator used to log into Google Apps which may or may not reflect the administrator's physical location. For example, the IP address can be the administrator's proxy server's address or a virtual private network (VPN) address.
- Date — Is the date when the event occurred. And this is displayed in the account's default timezone.
Edit filter options
To create a custom filter:
- Event Name — Select the Admin console event you want to include in your audit log.
- Start date — Set the earliest beginning of the range of time the log shows for the event. The maximum start date is the last 180 days. The minimum start date is today.
- End date — Set the end of the range of time shown for an event. This can be today or any date after the Start date.
- User — Enter the primary email address of the administrator who has done the account change event. Only administrators associated with your account can be an audit log user.
- Reset -- Use Reset to revert to the default filter setting. The default filter lists all administrative activities. And the default end date is today, your current date.
To understand more about the audit log, see the Admin Audit API.