Understand audit trail

Understand Audit Trail

A typical organization has several users accessing its applications and services. Monitoring every user's activity is crucial to alleviate potential threats to sensitive data and prevent data misuse. The Audit Trail feature in Zoho Creator assists an organization by maintaining logs on the sequence of activities performed inside an application. This is helpful in case of security violations by identifying user behavior and the chronological order of events that caused them. You can customize what you review, by setting filters based on specific dates, actions performed, record IDs, and email addresses of users. This feature is form-specific and lets you view the history of the following action types performed in your application:

  • History of changes made to the records by you, your end-users, and the application workflows. For example, when a user updates a record with new values, or deletes a record, the updated or deleted record values are logged with details like the old value, modified value, the user who modified or deleted the record, modified time, and more. 
  • History of print and export actions carried out in a report by users. Here, you can filter and view the respective actions based on a form's report. For example, when a user prints or exports a report, the report details like the report name, exported format, form name, columns exported, IP address, etc., are also logged.
    Note: Export and print actions from pivot reports (pivot charts and pivot tables) will not be captured in our audit logs.

In short, the Audit Trail feature keeps track of the changes made in your application, as well as when data has been modified, how much, and by whom. This serves as documentary evidence for the sequence of activities in your application records and reports.

How long is data saved?

You can access the audit logs for record changes and report actions this far back:

Audit logData retention time
Record changes (edit and delete actions)1 year
Report actions (export and print)3 months
Tip: We recommend exporting the audit trail data once a year for record logs and every 3 months for report logs to avoid losing the audit history.

Configure the capture of IP Address and source information

You can capture the IP address and source information of users who make changes to your application records, as well as export and print reports. By default, the option to capture IP Address and source information will be disabled. You can choose to enable it in the Settings tab as follows:

  1. Navigate to Operations on the left pane and select Audit Trail under Applications.

  2. Click the View Audit Trail button in the center. A popup will appear.

  3. Select the Application and Form for which the audit trail has to be recovered, then click View.

  4. The edit history of the selected form for the last 365 days will be displayed.

  5. Navigate to the required tab — Record Logs or Export & Print Logs.
  6. Click the Settings button at the top-right corner.

  7. Select the Enable option under Capture IP address and source information, then click Save.
    • When enabled, the IP Address and source information will be captured in the detail view of the audit logs. 
    • Upon disabling, the future audit logs will not capture the IP Address and source information. The previous logs will remain unchanged, i.e., they will display the IP Address and source information. 

View record edit history

  1. Click Audit Trail under Operations.

  2. Click the View Audit Trail button in the center. A popup will appear.

  3. Select the Application and Form for which the audit trail has to be recovered, then click View.

  4. The edit history of the selected form for the last 365 days will be displayed in the Record Logs tab.

  5. You can choose to capture the IP Address and source information in the detailed audit logs by clicking the Settings button at the top-right and enabling it.

  6. The audit history can be filtered using the Filters section on the right side of the page. The Date filter should be cleared off when switching between audit tabs.
    Note: The Specific date and Date range picker allow you to select an option from the past one year for every change that is audited.

  7. Click on an entry in the list to view the detailed record log.

  8. To switch the view and see the record edit history of a different form, click the Change Form button at the top right corner. Then, select the Application and Form for which the audit trail has to be recovered and click View.

Manage personal data and health information capture for fields 

When you're using fields in your Zoho Creator applications to capture any sensitive, confidential, or personally identifiable information (PII), you can add another layer of protection for them by enabling Contains personal data. When you're using fields to capture health-related information, you can enable the Contains health info field properties. Enabling the Contains health info field property also asks you to encrypt the collected data.

  1. Edit your app.
  2. Open the form builder.
  3. Select the required field. Its Field Properties will appear on the right.
  4. Navigate to the Field Properties > Data Privacy section.
  5. Check the checkbox next to Contains personal data (PII).
  6. Check the checkbox next to Contains health info (ePHI).

  7. Click Yes in the respective dialog box appears to encrypt your data.

  8. The fields that are marked as containing eP​HI (Electronic protected health information) and PII (personally identifiable information) data are captured in the detailed audit logs for export and print actions.

View report export and print history

Note: The following mobile apps will log export and print actions once the source code is updated from our side in the server.

  • For code-signed apps (Android and iOS), the export and print actions will be logged only after a new build is taken from our server.
  • For SDK apps, the export and print actions will be logged only after the framework is updated to the latest version.
  1. Navigate to Operations on the left pane and select Audit Trail under Applications.

  2. Click the View Audit Trail button in the center. A popup will appear.

  3. Select the Application and Form for which the audit trail needs to be recovered, then click View.

  4. Navigate to the Export & Print Logs tab.
  5. The print and export history of all reports of the chosen form for the last 90 days will be displayed. 

  6. You can choose to capture the IP Address and source information in the detailed audit logs by clicking the Settings button at the top-right and enabling it.

  7. The audit history can be filtered using the Filters section on the right side of the page.

  8. All reports of the form will be chosen by default. You can select the required report (active or deleted) of the form for which you want to view the print or export actions. 

  9. Check the checkboxes beside the required actions - Exported and Printed to view the respective audit logs.
  10. Select the required date or specify a range to view the audit information. The Date filter must be cleared off when switching between audit tabs.
    Note: The Specific date and Date range picker allow you to select an option from the past one year for every change that is audited.
  11. You can also type a specific user's email address to view the history of their export and print actions.
  12. Click on an entry in the list to view the detailed audit record for export and print logs.
  13. Below image shows how the Detailed Export Log looks like. The ePHI and PII fields are captured in the detailed audit logs upon enabling the respective field properties for fields that capture any sensitive, confidential, or personally identifiable information fields.

  14. Below image shows how the Detailed Print Log looks like:

  15. To switch the view and see the record edit history of a different form, click the Change Form button at the top right corner. Then, select the Application and Form for which the audit trail has to be recovered and click View.

    ​​

Export audit logs

The audit logs for both record changes and export and print actions can be exported by clicking the Export as CSV button in the respective tabs. You can filter the data to be exported by choosing the required option under the Filters tab and click Export as CSV. The data will be downloaded into two separate CSV files. 

Share this post : FacebookTwitter

Still can't find what you're looking for?

Write to us: support@zohocreator.com