You can use the Admin audit log to see a record of actions performed in your Google Admin console. For example, you can see when an administrator added a user or turned on a G Suite service.
For other services and activities, such as Google Drive and user activity, go to the list of available audit logs.
From the Admin console Home page, go to Reports.
- On the left, under Audit, click Admin.
(Optional) To customize what you review, on the right, click Manage columns , select the columns that you want to see or hide, and click Save.
Review ways to filter and export log data and create alerts.
Data you can view
|Event name||The action that was logged, such as revoking a security key or deleting a user.|
|Date||Date and time of the event (displayed in your browser's default time zone).|
|Event description||Details about the action, such as the name of the deleted user and the name (or email address for service account admins) of the admin that initiated the action.|
|Admin||Name of the admin who performed the action. Instead of an admin’s name, you might see:
|IP address||IP address of the admin. Usually reflects the admin's physical location, but could be a proxy server or VPN address.|
Details on event names and descriptions
At Add a filter, select an Event name to filter data for that event. The audit report shows log entries for each time that event occurred during the time range that you set. Most event names are self-explanatory. For example, Add application shows when an application was added to your organization or a domain. However, you might see more detailed log data, such as:
- Admin role assignment—If you assign the Super Admin role to a user, the log shows the Event Description as Role_SEED_ADMIN_ROLE.
- Groups—Logs actions performed in the Admin console, in Google Groups, and more. To track changes by users in Groups, see the Groups audit log.
- Marketplace services—Logs when an admin adds or removes an app, turns an app on or off, and authorizes or removes API client access. Some apps might not have IP address details.
- Access groups—Logs when a service is turned on or unset for an access group.