JobsiteOn

View the Audit Log

How to access and filter the audit log to track user actions, data changes, and security events across your workspace.

Maya Thompson
Written by Maya ThompsonUpdated 2 days ago2 min readBeginner

What this guide covers

This guide explains how to use the audit log to track all user actions and system events in your workspace. The audit log provides a complete record for security investigations and compliance audits.

Before you begin

  • You need Owner or Admin permissions to access the audit log.
  • Audit log entries are retained for 1 year.

Step 1: Open the audit log

  1. Go to /settings.
  2. Under the Workspace group, click Audit Log.

Screenshot: The audit log page showing a filterable table with columns for timestamp, user, action, entity, and details.

Step 2: Read log entries

Each entry records:

  • Timestamp -- when the action occurred.
  • User -- who performed the action.
  • Action -- what was done (created, updated, deleted, signed in).
  • Entity -- the record type affected (contact, job, invoice, etc.).
  • Details -- specific changes (e.g., "Status changed from Pending to Completed").

Step 3: Filter the log

Use the filter controls to narrow results:

  • User -- filter by a specific team member.
  • Action -- filter by action type (create, update, delete, sign-in).
  • Entity -- filter by record type.
  • Date Range -- narrow to a specific time period.

Animation: Filtering the audit log by user "John Smith" and action "delete" to see all records John has deleted.

Step 4: Investigate suspicious activity

Look for:

  • Sign-ins from unusual locations or times.
  • Mass deletions of records.
  • Settings changes by unexpected users.
  • Role changes or new team member invitations.

Step 5: Export the log

Click Export to download the filtered audit log as a CSV file. Use this for:

  • Compliance audits (SOC 2, GDPR).
  • Internal security investigations.
  • Management reporting.

Tip: Set a quarterly reminder to review the audit log for unusual patterns. Regular reviews are a SOC 2 best practice.

What actions are logged

  • User sign-in and sign-out.
  • Record creation, updates, and deletions.
  • Role and permission changes.
  • Integration connections and disconnections.
  • Settings changes.
  • Data exports.

Note: Audit log entries cannot be modified or deleted. They provide a tamper-proof record of all workspace activity.

Did this answer your question?

Related Articles