What's included in audit trail logs?
Sprout’s audit trail logs provide information about user actions. This table breaks down different events your exported logs and along with a brief description.
Event |
Description |
USER_LOGGED_IN |
A user logged into Sprout on the web or mobile app |
USER_LOGGED_OUT |
A user logged out on the web app |
USER_INVITED |
An Admin invited additional users |
USER_DELETED |
An Admin deleted a user |
GROUP_DELETED |
An Admin deleted a group |
ROLE_DELETED |
An Admin deleted a role |
ROLE_UPDATED |
An Admin updated a role’s permissions |
ROLE_CREATED |
An Admin created a role |
ROLE_ASSIGNED |
An Admin assigned a role to a user |
ROLE_UNASSIGNED |
An Admin has removed a role from a user |
PROFILE_DELETED |
An Admin has deleted a social profile |
GROUP_CREATED |
An Admin has created a group |
USER_ADDED_TO_GROUP |
An Admin has added a user to a group |
USER_REMOVED_FROM_GROUP |
An Admin has removed a user from a group |
PUB_PAUSE_ALL |
An Admin has clicked the Stop posts button in Publishing Settings > Pause All |
PUB_RESUME_ALL |
An Admin has clicked the Resume posts button in Publishing Settings > Pause All |
JIT_USER_CREATED |
A new user has been created via Single Service Sign-On (SSO) Just-in-Time (JIT) provisioning |
TAG_DELETED |
A user deleted a tag |
JIT_ENABLED |
A SSO Admin enabled JIT provisioning |
JIT_DISABLED |
A SSO Admin disabled JIT provisioning |
USER_PASSWORD_UPDATED |
A user updated their password |
USER_PASSWORD_SET |
A user set their password for the first time |
PROFILE_PERMISSIONS_UPDATED |
An Admin updated a user’s profile permissions |
PUB_PUBLISHED_POST |
A user published a post to a social profile |
DELETED_PUBLISHED_POST |
A user deleted a post |
PUB_APPROVED_POST |
A user approved a post that’s ready to publish in Needs Approval |
PROFILE_CONNECTED |
An Admin connected a new profile using the Connect a Profile option |
PROFILE_REAUTHED |
An Admin reauthorized a profile that expired |
USER_PERMISSIONS_UPDATED |
An Admin updated the Company or Feature permissions for another user |
PROFILE_ADDED_TO_GROUP |
An Admin added a connected profile to a Group |
PUB_EDITED_POST |
A user edited a post or scheduled a post via the pencil icon on a pending post |
PUB_DISABLED_QUEUE |
A user with the Manage Sprout Queue permission disabled the queue via Settings > Publishing > Sprout Queue > Enable Sprout Queue |
PUB_ENABLED_QUEUE |
A user with the Manage Sprout Queue permission re-enabled the queue via Settings > Publishing > Sprout Queue > Enable Sprout Queue |
PUB_DELETED_PENDING_POST |
A user deleted a pending post in scheduled, queued, needs approval or draft status |
PUB_CREATED_POST |
A user created a pending post via Approval Workflows, Compose + Scheduled for later, added to the Queue or selected This is a draft in Compose and saved |
PUB_BULK_IMPORT |
A user successfully imported messages via Bulk Post CSV. |
SSO_ENABLED |
An Admin with Manage SSO permission successfully uploaded an SSO XML file and enabled SSO under the Single Sign On Setting. |
SSO_EDITED_SAML_SETTINGS |
An Admin with Manage SSO permission edited their SAML Settings under Single Sign On > Edit SAML. |
SSO_ENABLED_PASSWORD |
An Admin with Manage SSO permission enabled Sprout Managed Passwords under Single Sign On. |
SSO_DISABLED_PASSWORD |
An Admin with Manage SSO permission disabled Sprout Managed Passwords under Single Sign On. |
USER_ENABLED_TWO_STEP |
A user enabled two-step verification on their account using the Security page. |
USER_REQUIRED_TWO_STEP |
An Admin or Owner required two-step verification on their Sprout account using the Security page. |
EXPORTED_AUDIT_LOGS |
A user with Manage Permissions permission exported Audit logs using the Groups & Social Profiles page or Roles & Team Members page. |
EXPORTED_USER_PERMISSIONS |
A user exported User Permissions via the Groups & Social Profiles or Roles & Team Members pages. |
USER_UPDATED_EMAIL |
A user went into Personal Settings and changed the email associated with the account. |
USER_RESENT_INVITE |
An Admin clicked Resend on a pending user's invite under the Team Members section. |
USER_REVOKED_INVITE |
An Admin clicked Revoke on a pending user's invite under the Team Members section. |
USER_LOGIN_FAILED |
A user failed to log in either by SSO or username and password. |
CASE_UPDATED |
A user updated a Case including changes to Case details like Status, Assignee, Priority or Type or added or removed Tags from a Case. |
CASE_DELETED |
A user deleted a Case. |
COMMENT_ADDED |
A user added an internal comment to a Case. |
COMMENT_DELETED |
A user deleted an internal comment from a Case. |
COMMENT_EDITED |
A user edited an internal comment on a Case. |
PROFILE_LIST_CREATED |
A user created a Contact List. |
PROFILE_LIST_DELETED |
A user deleted a Contact List. |
PROFILE_LIST_UPDATED |
A user updated a Contact List. |
PROFILE_LIST_MEMBER_ADDED |
A user added a profile to a Contact List. |
PROFILE_LIST_MEMBER_REMOVED |
A user removed a profile from a Contact List. |
Additionally, you may see post-specific terms that help you track the history of a post.
- Pending post ID: the post ID of a pending post that hasn’t yet been published to a social network (e.g. a scheduled, queued or draft post)
- Post ID: the post ID of a post that was published to a network
The audit trail log also creates IT Admin-specific CSV columns including:
- IP Address - the IP address of the user generating the event.
- Client Type - the client information of the user (browser, device, version) generating the event.
- City - the city of the user generating the event.
- Region - the region of the user generating the event.
- Country - the country of the user generating the event.
- Continent - the continent of the user generating the event.
Comments 0 comments
Article is closed for comments.