Groups audit log

View changes to groups, group memberships, and group messages

As your organization's administrator, you can track changes to groups, group memberships, and group messages for users in your domain, and troubleshoot when users in your domain notice discrepancies and unexpected changes to their group activities using the Groups audit log. Entries usually appear within half an hour of the user action.

Track these changes in the audit logs:

  • Basic group creations and deletions

    Verify that a group exists and was not recently deleted.

  • Member additions and removals 

    If a user did not receive a message sent to a group, you can check the audit log to confirm that the user is listed as a group member. If the user was removed, the audit log also shows who removed them and when.

  • Groups posting permission changes

    Users may unexpectedly receive a bounce message saying that they are not permitted to post. The audit log shows any changes to the posting permissions that would not allow the user to post.

  • Spam moderation settings

    If messages are sent to the moderation queue instead of being posted, the audit log will show if message moderation was a recent settings change.

The Groups audit log is only for the Google Groups interface. It logs both user and admin actions executed using the Google Groups interface. Google Groups actions performed by administrators using the Admin console or the Admin SDK directory API are only logged in the Admin audit logs.

Step 1: Open your Groups audit log

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Reports.

    To see Reports, you might have to click More controls at the bottom.

  3. On the left, under Audit, click Groups.
  4. On the toolbar, click Select columns Select columns. Then select the data you want to show in your log.
  5. See below for how to interpret and customize log data.

Step 2: Understand Groups audit log data

Data you can view
Data Type Description
Event Name Action that was logged, such as adding or deleting groups, group invites, messages, or setting changes.
  • Actor user accepted invitation to a group
A log entry for each time a user accepted an invitation to a group.
  • Actor user approved request from other user
A log entry for each time a user approved a request from another user.
  • Actor user joined a group
A log entry for each time a user joined a group.
  • Group basic setting changed
A log entry for each time a moderator changed a basic group setting.
  • Group created
A log entry for each time a group was created.
  • Group deleted
A log entry for each time a group was deleted.
  • Group identity setting changed
A log entry for each time group identity settings were modified.
  • Group info setting added
A log entry for each time a group information setting was added.
  • Group info setting changed
A log entry for each time a group information setting was modified.
  • Group info setting removed
A log entry for each time a group information setting was removed.
  • Group new members restrictions setting changed
A log entry for each time a new member restriction setting was updated.
  • Group permission changed
A log entry for each time a group permission setting was changed.
  • Group post replies setting changed
A log entry for each time a post reply setting was modified.
  • Group spam moderation setting changed
A log entry for each time a spam moderation setting was modified.
  • Group topic setting changed

A log entry for each time a group topic setting was modified.

  • Message moderated
A log entry for each time a moderator approved or rejected a message.
  • Posts from user will always be posted
A log entry for each time a moderator attempted to allow all messages from a user to always be posted to a group.
  • User added to a group
A log entry for each time a user was added to a group.
  • User banned from group during message moderation
A log entry for each time a moderator attempted to ban a user from a group during message moderation.
  • User invitation revoked from a group
A log entry for each time a user invitation was revoked from a group.
  • User invited to a group
A log entry for each time a user was invited to a group.
  • User join request rejected from a group
A log entry for each time a moderator rejected a user request to join.
  • User reinvited to a group
A log entry for each time a user was reinvited to a group.
  • User removed from a group
A log entry for each time a user was removed from a group.
Event description Details of the event described in the Event name field.
User Email address of the user who triggered the event.
Date Date and time the event occurred (displayed in your browser's default timezone).

Step 3: Customize and export your audit log data

Filter the audit log data by user or activity

You can narrow your audit log to show specific events or users. For example, find all log events for when users created or deleted a group, or find all group activity for a particular user.

  1. Open your Groups audit log as shown above.
  2. If you don't see the Filters section, click Filter Filter.
  3. Enter or select the criteria for your filter. You can filter on any combination of the data you can view in the log.
  4. Click Search.

Filter by organizational unit

You can filter by organizational unit to compare statistics between child organizations in a domain.

  1. Open your report as shown above.
  2. On the left, under Filters, select an organizational unit from the list.

You can only filter the current organization hierarchy, even when searching for older data. Data before December 20, 2018 will not appear in the filtered results.

Export your audit log data

You can export your audit log data to Google Sheets or download it to a CSV file.

  1. Open your audit log as shown above.
  2. (Optional) To change the data to include in your export:
    1. On the toolbar, click Select columns Select columns.
    2. Check the box next to the data you want to export and click Apply.
  3. On the toolbar, click Download Download.

You can export up to 210,000 cells. The maximum number of rows depends on the number of columns you select. Audit logs to Sheets are limited to 10,000 rows, while CSV exports can include up to 500,000 rows.

How old is the data I'm seeing?

For details on exactly when data becomes available and how long it's retained, see Data retention and lag times.

Step 4: Set up email alerts

You can easily track specific Groups activities by setting up alerts. For example, get an alert whenever someone creates or deletes a group.

Note: To get alerts on group-related actions performed in the Admin console, set up a custom alert in your admin audit log.

  1. Open your Groups audit log as shown above.
  2. If you don't see the Filters section, click Filter Filter.
  3. Enter or select the criteria for your filter. To set up an alert, you can filter on any combination of the data you can view in the log except date and time range.
  4. Click Set Alert.
  5. In the Set alert: Groups box, enter a name for the alert.
  6. Check the box to deliver the alert to the account super administrators.
  7. Enter the email addresses of any other alert recipients.
  8. Click Save.

To edit your custom alerts, see Administrator email alerts.

Was this helpful?
How can we improve it?