This article described the OLD version of the Audit log. This version is still active on our multi tenant instance. If you are using the single tenant or exclusive instance, please refer to the [New Audit log](🔗) article.

Audit logging offers chronological records of user activity in the Bloomreach Engagement application, including information about a user and a detailed overview of actions performed by the user. Using Audit logging provides proof of GDPR compliance and operational integrity and it can also serve as a source of information for audit investigations. Moreover, it allows you to identify the origin of any security incident.

Access to the Audit Log is restricted, and only authorized users can search, filter, or download logs for a specific time period. Audit log records will contain logs that include interaction with the application and with customer accounts.

While the Audit log is operational in all instances, access to log reports is only available in Single Tenant and Exclusive instances. If you want to use these features, contact your CSM.

Audit Log availability in BETA

This feature is currently available in the **BETA version,** but we are working on its improvement.

# Audit log at the account level

The audit log on the account level tracks all activities for a specific account. When you have several projects under one account all activities are aggregated to this audit log. Every activity is linked to the user/API who performed it. For each user/API, we track the properties described below:

PropertyDescriptionData typeExample
**subject_type**Type of access used (existing user or API access)stringexisting_user/api_token
**subject_identifier**Username (usually email) used during loginstring[[email protected]](🔗)
**subject_remote_addr**The IP address of user/API when triggered the actionstring32.68.182.60
**resource_project_id**Project token where user/API triggered actionstringa2a36816-c025
**resource_account_id**Account id where user/API triggered actionstringa2a36816-c025
**subject_provider**The authentication provider that was used during the loginstringgoogle
**resource_project_slug**Page slug of the resource projectstring/media_project
**resource_identifier** (optional)ID changed as a result of the action made.stringThe ID of the original campaign.
**resource_query** (optional)Query made.stringCustomer filter used during the deletion of customers.
**resource_snapshot **(optional)The status of the campaign at the time of the action.stringRunning
**resource_before/after_status** (optional)How the status of the campaign changed as a result of the action.StringRunning/stopped
PropertyDescriptionData typeExample
**subject_user_id** (for existing user)UUID of a userstringa2a36816-c025
**subject_access_group_id** (for API access)UUID of a groupstringa2a36816-c025
**subject_access_key** (for API access)Access keystringKey123
**subject_permissions** (for API access)Permission for the given API tokenstring

The user's/API's activities trigger an `audit` event. Attributes of the audit event provide more details for the audit log:

`resource_type` describes the location/part of the application where the activity was triggered `action_type` describes the action for the `resource_type`

**Tracking activities when resource_type = customer **

action_typeResource_typeDescription
**create** customerCreate customer from the interface
**update** customerUpdate customer's attributes from the interface
**delete** customerDeletion of a customer from the interface. This action also includes bulk deletion of customers. In case of bulk deletion, attribute `object_id` stores the link to the file with filter. This filter was applied to customers during bulk deletion.
**anonymize** customerAnonymization of customers from the interface
**read** customerView customers in Bloomreach Engagement CRM. This action also includes bulk downloads of customers. In case of bulk download, attribute `object_id` stores the link to the file with filter. This filter was applied to customers during the download action.

**Tracking activities when resource_type = {others} ** In this case, we are talking about activities all over the application. These activities usually have among the actions either `create`, `update`, or `delete`. The resource_types provided below are just examples, much more locations are being tracked.

action_typeresource_typeDescription
**create**trendTrend was created
**update**campaign_designCampaign was updated
**delete**aggregateAggregate was deleted



Data expiration time period for the audit event is set to 3 years.

# Audit log at the instance level

Tracks all activities, that don't belong to any account/project as the actions `login`/`log out`. On the instance level under the event `access`, the audit log tracks all customers who logged in/logged out.

action_typeaction_successDescription
**login**false/trueThe user was/was not logged in
**logout**false/trueThe user was/was not logged out

The project for looking into the instance-level audit log is named `Audit Log - Instance`. An example of this would be `https://app.exponea.com/p/audit-log-instance1/crm/customers/pages/1`.