Admin console audit log
The Admin console audit log shows a history of every task performed in your Google Admin console and who performed the task. Use it to track how your administrators are managing your account's core Google services. The following Google Marketplace app events are also logged:
- When a Marketplace app is added or removed from a domain an Add Application or Remove Application event gets logged in the audit log.
- When a domain administrator grants or revokes data access to an application, an API Client Access Authorize or API Client Access Remove event is logged in the audit log.
- When a Marketplace app is turned on/off for an Organizational Unit, a Service Change event gets logged.
To access the Admin console audit log, sign in to your Admin console and go to Reports > Audit > Admin. The page displays the following information:
- Event Name—The action the administrator performed, such as adding a group to your organization's account, revoking a security key, or deleting a user.
- Event Description—Details about the change, such as the new group's email address or the user account name that was deleted.
- User—The administrator who performed the event.
- IP Address—The internet protocol (IP) address used by the administrator to sign in to the Admin console. This might reflect the administrator's physical location, but not necessarily. For example, it could instead be a proxy server or a virtual private network (VPN) address.
- Date—The date the event occurred (displayed in your browser's default timezone).
Use the Filters section at the side to configure the page to only display data that meets certain criteria. For example, the page can show events of a particular type, or events that occurred during a specific date range.
You can also use the Filters section to create and configure a custom alert. Custom alerts do not use the Date Range. Choose an event name from the drop-down list and your other filters, then click the SET ALERT button. In the Set alert: window you can add a custom alert name, check the Super Administrator(s) box, or add additional recipient user emails. After you configure your custom alert click the SAVE button. To edit your custom alerts, refer to Account activity alerts.
- If you don't see the Filters section, click .
- To change the columns the table displays, click and choose the Select columns menu item. The page remembers the columns you choose and shows the same ones the next time you sign in.
- The Audit logs are limited to 10,000 rows, regardless of the number of columns.
- The log shows near real-time data (as recent as the last few minutes) and keeps data from up to six months ago.
|Name of Log or Report||Retention Time|
|Audit Log||6 months|
|Calendar audit log||6 months|
|OAuth Token audit log||6 months|
|Mobile Devices audit log (Google Apps Unlimited)||6 months|
|Drive audit log (Google Apps Unlimited)||6 months|
|Account activity reports||6 months|
|Security reports||6 months|
|Groups audit log||6 months|
|API audit data||6 months|
|API reporting data||15 months|
For other audit logs and reports not mentioned above the retention time should be 6 months.