
This article described the OLD version of the Audit log. This version is still active on our multi tenant instance. If you are using the single tenant or exclusive instance, please refer to the [New Audit log](🔗) article.
Audit logging offers chronological records of user activity in the Bloomreach Engagement application, including information about a user and a detailed overview of actions performed by the user. Using Audit logging provides proof of GDPR compliance and operational integrity and it can also serve as a source of information for audit investigations. Moreover, it allows you to identify the origin of any security incident.
Access to the Audit Log is restricted, and only authorized users can search, filter, or download logs for a specific time period. Audit log records will contain logs that include interaction with the application and with customer accounts.
While the Audit log is operational in all instances, access to log reports is only available in Single Tenant and Exclusive instances. If you want to use these features, contact your CSM.
Audit Log availability in BETA
This feature is currently available in the **BETA version,** but we are working on its improvement.
# Audit log at the account level
The audit log on the account level tracks all activities for a specific account. When you have several projects under one account all activities are aggregated to this audit log. Every activity is linked to the user/API who performed it. For each user/API, we track the properties described below:
| Property | Description | Data type | Example |
| **subject_type** | Type of access used (existing user or API access) | string | existing_user/api_token |
| **subject_identifier** | Username (usually email) used during login | string | [[email protected]](🔗) |
| **subject_remote_addr** | The IP address of user/API when triggered the action | string | 32.68.182.60 |
| **resource_project_id** | Project token where user/API triggered action | string | a2a36816-c025 |
| **resource_account_id** | Account id where user/API triggered action | string | a2a36816-c025 |
| **subject_provider** | The authentication provider that was used during the login | string | |
| **resource_project_slug** | Page slug of the resource project | string | /media_project |
| **resource_identifier** (optional) | ID changed as a result of the action made. | string | The ID of the original campaign. |
| **resource_query** (optional) | Query made. | string | Customer filter used during the deletion of customers. |
| **resource_snapshot **(optional) | The status of the campaign at the time of the action. | string | Running |
| **resource_before/after_status** (optional) | How the status of the campaign changed as a result of the action. | String | Running/stopped |
| Property | Description | Data type | Example |
| **subject_user_id** (for existing user) | UUID of a user | string | a2a36816-c025 |
| **subject_access_group_id** (for API access) | UUID of a group | string | a2a36816-c025 |
| **subject_access_key** (for API access) | Access key | string | Key123 |
| **subject_permissions** (for API access) | Permission for the given API token | string |  |
The user's/API's activities trigger an `audit` event. Attributes of the audit event provide more details for the audit log:
`resource_type` describes the location/part of the application where the activity was triggered
`action_type` describes the action for the `resource_type`
**Tracking activities when resource_type = customer **
| action_type | Resource_type | Description |
| **create** | customer | Create customer from the interface |
| **update** | customer | Update customer's attributes from the interface |
| **delete** | customer | Deletion of a customer from the interface. This action also includes bulk deletion of customers.
In case of bulk deletion, attribute `object_id` stores the link to the file with filter. This filter was applied to customers during bulk deletion. |
| **anonymize** | customer | Anonymization of customers from the interface |
| **read** | customer | View customers in Bloomreach Engagement CRM. This action also includes bulk downloads of customers.
In case of bulk download, attribute `object_id` stores the link to the file with filter. This filter was applied to customers during the download action. |
**Tracking activities when resource_type = {others} **
In this case, we are talking about activities all over the application. These activities usually have among the actions either `create`, `update`, or `delete`. The resource_types provided below are just examples, much more locations are being tracked.
| action_type | resource_type | Description |
| **create** | trend | Trend was created |
| **update** | campaign_design | Campaign was updated |
| **delete** | aggregate | Aggregate was deleted |

Data expiration time period for the audit event is set to 3 years.
# Audit log at the instance level
Tracks all activities, that don't belong to any account/project as the actions `login`/`log out`. On the instance level under the event `access`, the audit log tracks all customers who logged in/logged out.
| action_type | action_success | Description |
| **login** | false/true | The user was/was not logged in |
| **logout** | false/true | The user was/was not logged out |
The project for looking into the instance-level audit log is named `Audit Log - Instance`. An example of this would be `https://app.exponea.com/p/audit-log-instance1/crm/customers/pages/1`.