The File Audit Report includes information about the activities performed by each user on the files and folders in your domain, making it easy to track down various activities across your assets at a user level. We'll walk you through how to run a File Audit Report, what each parameter does, and what's included in the report.
Audit Reports are available for Office plans or higher who have purchased the Advanced Security Package.
If you'd like to learn more, our Reports & Auditing Overview article covers all of the reports available to you.
Run a Report
From the Reports Center, expand the Audit section, and select File Reports.
Click on the + New Report button to begin. You'll need to name the report and choose the parameters for the report.
You may select one or more parameters to narrow down the file and folder activity you would like to view.
- Date range: Narrow down auditing by activity day or date range.
Egnyte purges all audit logs older than 3 months, so you cannot run a new report for data older than 3 months. If you would like to be able to save data older than 3 months, please review the Save or Schedule Audit Reports article.
- Actions: Specify the type of file or folder activities that you want to audit. If you leave the option as Any action, all of the actions listed will be included in the report. You may also choose to only pull certain actions from the following list: upload, create folder, download, move, copy, delete, promote file version, delete from trash, restore from trash, preview, create link, delete link, download via link, create upload link, delete upload link, upload via link, lock file, unlock file, add metadata, delete metadata, and preview via link.
- Folders: You may enter folder names (e.g., /Shared/Marketing) or choose a folder by clicking selected folders and navigating the folder structure.
You have the option to automatically include or exclude subfolders.
- Files: Choose to view activity on specific files. You may use a wildcard ‘*’ character anywhere except in the beginning of the file name.
- Users: Choose the users or groups whose activity you wish to view.
When you select multiple parameters, the report will generate results matching all of them. For instance, if you enter both a file name and a folder name, the report will include activity for the files within those matching folders.
File Audit Report Output
When you submit any audit report, you will receive an email and alert within few minutes letting you know that the report is ready for viewing. If it is a smaller audit report, you'll have access to it right away.
Since audit logs for file activity are captured periodically through the day, you may not see activity for the last few hours in your report.
The file audit report displays the following information:
- Date: Provides the time stamp of the file or folder activity.
- User: The user who performed the file or folder action.
- IP Address: The IP address where the action originated.
- Access: Indicates the access interface over which the file activity happened.
- Path: Shows the folder path for the file or folder.
- Action: The type of file activity performed.
- Action Info: Where applicable, shows additional info on the action taken. For example, a move/copy action would display the destination folder that the file or folder was moved to. For link create/delete/download actions, the link URL is displayed.
The File Audit Report might contain "Read" actions. These are file content "reading" actions on behalf of a user. These actions originate from a user's device (e.g. accessing files locally on Desktop App or Mobile App, or accessing files on Storage Sync via mapped drive). These actions might be initiated by the user but sometimes they might also indicate system-level activities on the user's machine (e.g. antivirus scanning or indexing file's content by the operating system to highlight the content in the search provided by the OS).