What's included in audit trail logs?

Sprout’s audit trail logs provide information about user actions. This table breaks down the different events in your exported logs, along with a brief description of each.

| Event | Description |
| --- | --- |
| USER_LOGGED_IN | A user logged into Sprout on the web or mobile app |
| USER_LOGGED_OUT | A user logged out on the web app |
| USER_INVITED | An Admin invited additional users |
| USER_DELETED | An Admin deleted a user |
| GROUP_DELETED | An Admin deleted a group |
| ROLE_DELETED | An Admin deleted a role |
| ROLE_UPDATED | An Admin updated a role’s permissions |
| ROLE_CREATED | An Admin created a role |
| ROLE_ASSIGNED | An Admin assigned a role to a user |
| ROLE_UNASSIGNED | An Admin has removed a role from a user |
| PROFILE_DELETED | An Admin has deleted a social profile |
| GROUP_CREATED | An Admin has created a group |
| USER_ADDED_TO_GROUP | An Admin has added a user to a group |
| USER_REMOVED_FROM_GROUP | An Admin has removed a user from a group |
| PUB_PAUSE_ALL | An Admin has clicked the Stop posts button in Publishing Settings > Pause All |
| PUB_RESUME_ALL | An Admin has clicked the Resume posts button in Publishing Settings > Pause All |
| JIT_USER_CREATED | A new user has been created via Single Service Sign-On (SSO) Just-in-Time (JIT) provisioning |
| TAG_DELETED | A user deleted a tag |
| JIT_ENABLED | A SSO Admin enabled JIT provisioning |
| JIT_DISABLED | A SSO Admin disabled JIT provisioning |
| USER_PASSWORD_UPDATED | A user updated their password |
| USER_PASSWORD_SET | A user set their password for the first time |
| PROFILE_PERMISSIONS_UPDATED | An Admin updated a user’s profile permissions |
| PUB_PUBLISHED_POST | A user published a post to a social profile |
| DELETED_PUBLISHED_POST | A user deleted a post |
| PUB_APPROVED_POST | A user approved a post that’s ready to publish in Needs Approval |
| PROFILE_CONNECTED | An Admin connected a new profile using the Connect a Profile option |
| PROFILE_REAUTHED | An Admin reauthorized a profile that expired |
| USER_PERMISSIONS_UPDATED | An Admin updated the Company or Feature permissions for another user |
| PROFILE_ADDED_TO_GROUP | An Admin added a connected profile to a Group |
| PUB_EDITED_POST | A user edited a post or scheduled a post via the pencil icon on a pending post |
| PUB_DISABLED_QUEUE | A user with the Manage Sprout Queue permission disabled the queue via Settings > Publishing > Sprout Queue > Enable Sprout Queue |
| PUB_ENABLED_QUEUE | A user with the Manage Sprout Queue permission re-enabled the queue via Settings > Publishing > Sprout Queue > Enable Sprout Queue |
| PUB_DELETED_PENDING_POST | A user deleted a pending post in scheduled, queued, needs approval or draft status |
| PUB_CREATED_POST | A user created a pending post via Approval Workflows, Compose + Scheduled for later, added to the Queue or selected This is a draft in Compose and saved |
| PUB_BULK_IMPORT | A user successfully imported messages via Bulk Post CSV. |
| SSO_ENABLED | An Admin with Manage SSO permission successfully uploaded an SSO XML file and enabled SSO under the Single Sign On Setting. |
| SSO_EDITED_SAML_SETTINGS | An Admin with Manage SSO permission edited their SAML Settings under Single Sign On > Edit SAML. |
| SSO_ENABLED_PASSWORD | An Admin with Manage SSO permission enabled Sprout Managed Passwords under Single Sign On. |
| SSO_DISABLED_PASSWORD | An Admin with Manage SSO permission disabled Sprout Managed Passwords under Single Sign On. |
| USER_ENABLED_TWO_STEP | A user enabled two-step verification on their account using the Security page. |
| USER_REQUIRED_TWO_STEP | An Admin or Owner required two-step verification on their Sprout account using the Security page. |
| EXPORTED_AUDIT_LOGS | A user with Manage Permissions permission exported Audit logs using the Groups & Social Profiles page or Roles & Team Members page. |
| EXPORTED_USER_PERMISSIONS | A user exported User Permissions via the Groups & Social Profiles or Roles & Team Members pages. |
| USER_UPDATED_EMAIL | A user went into Personal Settings and changed the email associated with the account. |
| USER_RESENT_INVITE | An Admin clicked Resend on a pending user's invite under the Team Members section. |
| USER_REVOKED_INVITE | An Admin clicked Revoke on a pending user's invite under the Team Members section. |
| USER_LOGIN_FAILED | A user failed to log in either by SSO or username and password. |
| CASE_UPDATE | A user updated a Case including changes to Case details like Status, Assignee, Priority or Type or added or removed Tags from a Case. |

Additionally, you may see post-specific terms that help you track the history of a post.

  • Pending post ID: the post ID of a pending post that hasn’t yet been published to a social network (e.g. a scheduled, queued or draft post)
  • Post ID: the post ID of a post that was published to a network

The audit trail log also creates IT Admin-specific CSV columns including:

  • IP Address - the IP address of the user generating the event.
  • Client Type - the client information of the user (browser, device, version) generating the event.
  • City - the city of the user generating the event.
  • Region - the region of the user generating the event.
  • Country - the country of the user generating the event.
  • Continent - the continent of the user generating the event.
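
As an added example (not Sprout's own code), the sketch below shows how a reviewer might triage an exported CSV using the event names and the IP Address and Country columns described above. The "Timestamp", "Event" and "User" headers, the failure threshold, the choice of events to review and the sample rows are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Event names come from the table above; which ones merit review is a choice made here.
REVIEW_EVENTS = {
    "SSO_EDITED_SAML_SETTINGS", "SSO_ENABLED_PASSWORD", "JIT_ENABLED",
    "USER_UPDATED_EMAIL", "EXPORTED_AUDIT_LOGS", "EXPORTED_USER_PERMISSIONS",
}
FAIL_THRESHOLD = 3  # assumed: consecutive failures before a success is flagged

# Constructed sample export. "Timestamp", "Event" and "User" are assumed headers.
SAMPLE_CSV = """Timestamp,Event,User,IP Address,Country
2024-05-01T09:00:00Z,USER_LOGGED_IN,ana@example.com,198.51.100.7,United States
2024-05-02T02:10:00Z,USER_LOGIN_FAILED,ana@example.com,203.0.113.9,Netherlands
2024-05-02T02:10:20Z,USER_LOGIN_FAILED,ana@example.com,203.0.113.9,Netherlands
2024-05-02T02:10:41Z,USER_LOGIN_FAILED,ana@example.com,203.0.113.9,Netherlands
2024-05-02T02:11:05Z,USER_LOGGED_IN,ana@example.com,203.0.113.9,Netherlands
2024-05-02T02:15:00Z,USER_UPDATED_EMAIL,ana@example.com,203.0.113.9,Netherlands
2024-05-02T08:30:00Z,USER_LOGGED_IN,bo@example.com,198.51.100.22,United States
"""

def triage(csv_text):
    """Return (timestamp, user, reason) tuples for rows worth a closer look."""
    # Assumes ISO 8601 UTC timestamps, which sort correctly as plain strings.
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["Timestamp"])
    fails = defaultdict(int)       # consecutive failed logins per user
    countries = defaultdict(set)   # countries already seen per user
    findings = []
    for r in rows:
        ts, event, user = r["Timestamp"], r["Event"].strip(), r["User"]
        if event == "USER_LOGIN_FAILED":
            fails[user] += 1
        elif event == "USER_LOGGED_IN":
            if fails[user] >= FAIL_THRESHOLD:
                findings.append((ts, user, f"login after {fails[user]} failures from {r['IP Address']}"))
            if countries[user] and r["Country"] not in countries[user]:
                findings.append((ts, user, f"first login from {r['Country']}"))
            countries[user].add(r["Country"])
            fails[user] = 0
        elif event in REVIEW_EVENTS:
            findings.append((ts, user, f"review {event}"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_CSV):
        print(*finding, sep=" | ")
```
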
