Admin audit log

View administrator activity in the Admin console

The Admin audit log shows a record of actions performed in your Google Admin console. For example, you can see when an administrator added a user or turned on a G Suite service.

See the list of audits for other services and activities, such as Drive and user logins.

Step 1: Open your Admin audit log

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in

  2. From the Admin console Home page, go to Reports.

    To see Reports, you might have to click More controls at the bottom.

  3. On the left, under Audit, click Admin.
  4. Optionally, at the top right, click Select columns Select columns. Select the columns you want to see or hide:
Data Type Description
Event name The action that was logged, such as revoking a security key or deleting a user.
Event description Details about the action, such as the name of the deleted user.
IP address IP address of the administrator. Usually reflects the administrator's physical location, but could be a proxy server or a VPN address.
Date Date and time of the event (displayed in your browser's default time zone).

Name of the admin who performed the action. If an admin performs an action that triggers a change to a user’s license, then you will see License Manager instead.

How old is the data I'm seeing?

For details on exactly when data becomes available and how long it's retained, see Data retention and lag times.

Details on audit logs

Information on how the log records some activities: 

  • Admin role assignment: If you assign a pre-built Super Admin role to a user,  the log shows the Event Description as Role _SEED_ADMIN_ROLE.
  • Groups:  Logs Group actions performed in the Admin console. See the Groups audit log for actions performed in Google Groups for Business.
  • Marketplace services: Logs when an administrator adds/removes an app, turns on/off an app, and authorizes/removes API client access. Some apps may not have IP address details.

Step 3: Customize and export your audit log data

Filter the audit log data by user or activity

You can narrow your audit log to show specific events or administrators. For example, find all log events for when an administrator changed a password, or find all activity for a particular administrator.

  1. Open your Admin audit log as shown above.
  2. If you don't see the Filters section, click Filter Filter.
  3. Enter or select the criteria for your filter. You can filter on any combination of the data you can view in the log.
  4. Click Search.

Filter by organizational unit

You can filter by organizational unit to compare statistics between child organizations in a domain.

  1. Open your report as shown above.
  2. On the left, under Filters, select an organizational unit from the list.

You can only filter the current organization hierarchy, even when searching for older data. Data before December 20, 2018 will not appear in the filtered results.

Export your audit log data

You can export your audit log data to Google Sheets or download it to a CSV file.

  1. Open your audit log as shown above.
  2. (Optional) To change the data to include in your export:
    1. On the toolbar, click Select columns Select columns.
    2. Check the box next to the data you want to export and click Apply.
  3. On the toolbar, click Download Download.

You can export up to 210,000 cells. The maximum number of rows depends on the number of columns you select. Audit logs to Sheets are limited to 10,000 rows, while CSV exports can include up to 500,000 rows.

Step 4: Set up email alerts

You can get email alerts for sign-in activity based on your filters.

  1. Open your Admin audit log as shown above.
  2. If you don't see the Filters section, click Filter filter .
  3. In the Filters section, select the criteria to filter. You can use any combination of filters, except IP Address and Date and time range.
  4. Click Set Alert.
  5. Enter an Alert name.
  6. Choose the recipients of the email alert:
    1. Check the box to deliver the email alert to super administrators.
    2. Enter the email addresses of any other email alert recipients.
  7. Click Save.

To edit your custom alerts, refer to Administrator email alerts.

Was this helpful?
How can we improve it?