Admin console audit log

The Admin console audit log shows a history of every task performed in your Google Admin console and who performed the task. Use it to track how your administrators are managing your account's core Google services. The following Google Marketplace app events are also logged:

  • When a Marketplace app is added or removed from a domain an Add Application or Remove Application event gets logged in the audit log.
  • When a domain administrator grants or revokes data access to an application, an API Client Access Authorize or API Client Access Remove event is logged in the audit log.
  • When a Marketplace app is turned on/off for an Organizational Unit, a Service Change event gets logged.

Note: This article describes the new version of the Google Admin console Reports page. If your console doesn't match what this article describes, you might be using the old version.

To access the Admin console audit log, sign in to your Admin console and go to Reports > Audit > Admin. The page displays the following information:

  • Event Name—The action the administrator performed, such as adding a group to your organization's account, revoking a security key, or deleting a user.
  • Event Description—Details about the change, such as the new group's email address or the user account name that was deleted.
  • User—The administrator who performed the event.
  • IP Address—The internet protocol (IP) address used by the administrator to sign in to the Admin console. This might reflect the administrator's physical location, but not necessarily. For example, it could instead be a proxy server or a virtual private network (VPN) address.
  • Date—The date the event occurred (displayed in your browser's default timezone).

Use the Filters section at the side to configure the page to only display data that meets certain criteria. For example, the page can show events of a particular type, or events that occurred during a specific date range.

You can also use the Filters section to create and configure a custom alert. Custom alerts do not use the Date Range. Choose an event name from the drop-down list and your other filters, then click the SET ALERT button. In the Set alert: window you can add a custom alert name, check the Super Administrator(s) box, or add additional recipient user emails. After you configure your custom alert click the SAVE button. To edit your custom alerts, refer to Account activity alerts.

  • If you don't see the Filters section, click filter.
  • To change the columns the table displays, click Settings and choose the Select columns menu item. The page remembers the columns you choose and shows the same ones the next time you sign in.
  • The Audit logs are limited to 10,000 rows, regardless of the number of columns.
  • The log shows near real-time data (as recent as the last few minutes) and keeps data from up to six months ago.


Name of Log or Report Retention Time
Audit Log 6 months
Calendar audit log 6 months
OAuth Token audit log 6 months
Mobile Devices audit log (Google Apps Unlimited) 6 months
Drive audit log (Google Apps Unlimited) 6 months
Account activity reports 6 months
Security reports 6 months
Groups audit log 6 months
API audit data 6 months
API reporting data 15 months

For other audit logs and reports not mentioned above the retention time should be 6 months.

Was this article helpful?
Sign in to your account

Get account-specific help by signing in with your Apps for Work account email address, or learn how to get started with Apps for Work.