Reading the audit log

Reading the audit log

What you'll learn: what the audit log is, what it records, and how to use it when you need to investigate something.

What is the audit log?

The audit log is a permanent, read-only record of every important action taken in your panel — by you, by other admins, by resellers, by customers. It answers questions like:

  • Who deleted that account?
  • When was this domain added?
  • Who reset that password?
  • Was anyone signed into this customer's account last week?

How to find it

Sidebar → SystemAudit log.

[screenshot here: audit log page]

What you'll see

Each entry shows:

  • When the action happened
  • Who did it (the username and role)
  • What they did (e.g. "deleted account 'acmeco'")
  • On what (the affected account, domain, mailbox, etc.)
  • From where (the IP address)

Filtering

You can filter by:

  • A specific person ("show me everything user X did")
  • An affected account ("show me everything that happened to this customer")
  • A type of action ("show me all deletions")
  • A time range

This is invaluable when investigating a customer ticket — "I didn't delete it!" becomes a 30-second look at the audit log.

What's logged

  • Account create / edit / suspend / delete
  • Password resets
  • Impersonation start / stop
  • Domain add / remove
  • Database create / delete
  • Mailbox create / delete
  • Backup runs and restores
  • License changes
  • Login attempts (successes and failures)

What's not logged

  • Reads — viewing a page doesn't generate a log entry. Only changes do.
  • Customer-side activity inside their websites or mailboxes (e.g. WordPress logins) — those are recorded by the apps themselves, not the panel.

Tips

  • Export logs periodically if you need them long-term. The panel keeps them for 90 days by default.
  • Review weekly. A 5-minute scan once a week catches anything unusual early.
  • The log is your friend in disputes. If a customer claims you did something you didn't, the log is the truth.

If something goes wrong

  • Audit log page is empty — make sure you've selected a wide enough time range.
  • You can't find a specific action — try filtering by the affected account instead of the actor; sometimes you remember the "what" better than the "who".

Related articles

Need help? Contact support.