What's included in audit trail logs?
Table of Contents
Sprout’s audit trail logs provide information about user actions. This table breaks down different events your exported logs and along with a brief description.
| Event | Description |
| USER_LOGGED_IN | A user logged into Sprout on the web or mobile app |
| USER_LOGGED_OUT | A user logged out on the web app |
| USER_INVITED | An Admin invited additional users |
| USER_DELETED | An Admin deleted a user |
| USER_STATUS_CHANGED | A user's availability has changed either manually or by the system |
| GROUP_DELETED | An Admin deleted a group |
| ROLE_DELETED | An Admin deleted a role |
| ROLE_UPDATED | An Admin updated a role’s permissions |
| ROLE_CREATED | An Admin created a role |
| ROLE_ASSIGNED | An Admin assigned a role to a user |
| ROLE_UNASSIGNED | An Admin has removed a role from a user |
| PROFILE_DELETED | An Admin has deleted a social profile |
| GROUP_CREATED | An Admin has created a group |
| USER_ADDED_TO_GROUP | An Admin has added a user to a group |
| USER_REMOVED_FROM_GROUP | An Admin has removed a user from a group |
| PUB_PAUSE_ALL | An Admin has clicked the Stop posts button in Publishing Settings > Pause All |
| PUB_RESUME_ALL | An Admin has clicked the Resume posts button in Publishing Settings > Pause All |
| JIT_USER_CREATED | A new user has been created via Single Service Sign-On (SSO) Just-in-Time (JIT) provisioning |
| TAG_DELETED | A user deleted a tag |
| JIT_ENABLED | A SSO Admin enabled JIT provisioning |
| JIT_DISABLED | A SSO Admin disabled JIT provisioning |
| USER_PASSWORD_UPDATED | A user updated their password |
| USER_PASSWORD_SET | A user set their password for the first time |
| PROFILE_PERMISSIONS_UPDATED | An Admin updated a user’s profile permissions |
| PUB_PUBLISHED_POST | A user published a post to a social profile |
| DELETED_PUBLISHED_POST | A user deleted a post |
| PUB_APPROVED_POST | A user approved a post that’s ready to publish in Needs Approval |
| PROFILE_CONNECTED | An Admin connected a new profile using the Connect a Profile option |
| PROFILE_REAUTHED | An Admin reauthorized a profile that expired |
| USER_PERMISSIONS_UPDATED | An Admin updated the Company or Feature permissions for another user |
| PROFILE_ADDED_TO_GROUP | An Admin added a connected profile to a Group |
| PUB_EDITED_POST | A user edited a post or scheduled a post via the pencil icon on a pending post |
| PUB_DISABLED_QUEUE | A user with the Manage Sprout Queue permission disabled the queue via Settings > Publishing > Sprout Queue > Enable Sprout Queue |
| PUB_ENABLED_QUEUE | A user with the Manage Sprout Queue permission re-enabled the queue via Settings > Publishing > Sprout Queue > Enable Sprout Queue |
| PUB_DELETED_PENDING_POST | A user deleted a pending post in scheduled, queued, needs approval or draft status |
| PUB_CREATED_POST | A user created a pending post via Approval Workflows, Compose + Scheduled for later, added to the Queue or selected This is a draft in Compose and saved |
| PUB_BULK_IMPORT | A user successfully imported messages via Bulk Post CSV. |
| SSO_ENABLED | An Admin with Manage SSO permission successfully uploaded an SSO XML file and enabled SSO under the Single Sign On Setting. |
| SSO_EDITED_SAML_SETTINGS | An Admin with Manage SSO permission edited their SAML Settings under Single Sign On > Edit SAML. |
| SSO_ENABLED_PASSWORD | An Admin with Manage SSO permission enabled Sprout Managed Passwords under Single Sign On. |
| SSO_DISABLED_PASSWORD | An Admin with Manage SSO permission disabled Sprout Managed Passwords under Single Sign On. |
| USER_ENABLED_TWO_STEP | A user enabled two-step verification on their account using the Security page. |
| USER_REQUIRED_TWO_STEP | An Admin or Owner required two-step verification on their Sprout account using the Security page. |
| EXPORTED_AUDIT_LOGS | A user with Manage Permissions permission exported Audit logs using the Groups & Social Profiles page or Roles & Team Members page. |
| EXPORTED_USER_PERMISSIONS | A user exported User Permissions via the Groups & Social Profiles or Roles & Team Members pages. |
| USER_UPDATED_EMAIL | A user went into Personal Settings and changed the email associated with the account. |
| USER_RESENT_INVITE | An Admin clicked Resend on a pending user's invite under the Team Members section. |
| USER_REVOKED_INVITE | An Admin clicked Revoke on a pending user's invite under the Team Members section. |
| USER_LOGIN_FAILED | A user failed to log in either by SSO or username and password. |
| CASE_UPDATED | A user updated a Case including changes to Case details like Status, Assignee, Priority or Type or added or removed Tags from a Case. |
| CASE_DELETED | A user deleted a Case. |
| COMMENT_ADDED | A user added an internal comment to a Case. |
| COMMENT_DELETED | A user deleted an internal comment from a Case. |
| COMMENT_EDITED | A user edited an internal comment on a Case. |
| PROFILE_LIST_CREATED | A user created a Contact List. |
| PROFILE_LIST_DELETED | A user deleted a Contact List. |
| PROFILE_LIST_UPDATED | A user updated a Contact List. |
| PROFILE_LIST_MEMBER_ADDED | A user added a profile to a Contact List. |
| PROFILE_LIST_MEMBER_REMOVED | A user removed a profile from a Contact List. |
| KEYWORD_LIST_SETTINGS_ENABLED | A keyword list was turned on for blocked words. |
| KEYWORD_LIST_SETTINGS_DISABLED | A keyword list was turned off for blocked words. |
| KEYWORD_LIST_SETTINGS_DELETED | A keyword list was deleted for blocked words. |
| KEYWORD_LIST_SETTINGS_CREATED | A keyword list was created for blocked words. |
| KEYWORD_LIST_SETTINGS_UPDATED | A keyword list was updated (word or phrase was added or removed) for blocked words. |
| DATA_MASKING_SETTINGS_UPDATED | A data masking entity was enabled or disabled. |
| SECURE_FORM_INSTANCE_SHARED | A user sent a secure form to an end user. |
| SECURE_FORM_INSTANCE_REVEALED | A user revealed data within a secure form. |
| SECURE_FORM_DISABLED | An admin disabled a specific secure form in settings. |
| SECURE_FORM_ENABLED | An admin enabled a specific secure form in settings. |
| SECURE_FORM_CREATED | An admin created a new secure form in settings. |
| SECURE_FORM_DELETED | An admin deleted a new secure form in settings. |
| SECURE_FORM_UPDATED | An admin updated an existing secure form in settings. |
Additionally, you may see post-specific terms that help you track the history of a post.
- Pending post ID: the post ID of a pending post that hasn’t yet been published to a social network (e.g. a scheduled, queued or draft post)
- Post ID: the post ID of a post that was published to a network
The audit trail log also creates IT Admin-specific CSV columns including:
- IP Address - the IP address of the user generating the event.
- Client Type - the client information of the user (browser, device, version) generating the event.
- City - the city of the user generating the event.
- Region - the region of the user generating the event.
- Country - the country of the user generating the event.
- Continent - the continent of the user generating the event.
