The Login Audit Report provides audit information for each user that has logged in or attempted to log into your Egnyte domain, so you can quickly spot suspicious activity. In this article, we'll describe how to pull a Login Audit Report, the different parameters you can search for, and what's includes in each report.
Note: Audit Reports are available for Office plans or higher who have purchased the Advanced Security Package.
If you'd like to learn more, our Reports & Auditing Overview article covers all of the reports available to you.
Run a Report
From the Reports Center, expand the Audit section and select Login Reports.
Click on the + New Report button to begin. You'll need to name the report and choose the parameters for the report.
Once all the parameters for the report are chosen, click on the Submit button to submit the report.
- Date range: Narrow down auditing by activity date.
Note: Egnyte purges all logs older than 3 months.
- Access type: Specify the interface through which the user accessed Egnyte. The report provides information for access from the Web UI (browser), mobile devices, and FTP.
- Events: Choose if you want to view any event or specified events from the following list: Login, logout, account lockout, password reset, failed attempt, accepted terms of service, and declined terms of service.
- Users: Choose the users or groups whose activity you wish to view.
Login Audit Report Output
When you submit any audit report, you will receive an email and alert within a few minutes letting you know that the report is ready for viewing. If it's a smaller audit report, you'll have access to it right away.
Note: Since audit logs for file activity are captured periodically through the day, you may not see activity for the last few hours in your report.
The login audit report displays the following information:
- Date: The date and exact time of the login attempt.
- User: User whose login activity you are viewing.
- Access: Access point of the login.
- IP Address: IP address from which your Egnyte file server was accessed.
- Event: Reflects the event type.
- Logout Time: The date and exact time of the logout events.