Audit Logs

The Audit Logs screen enables you to track the changes made by administrators with the Administrator or Operator role in TMWS.

By default, TMWS displays the last seven days of audit log information.

Administrators can query audit logs for as long as 31 days from the past three years.

  1. Go to Logs & Reports > Audit Logs.
  2. Manage audit logs.



    View audit logs

    • Date and Time: Date and time when an administration operation was performed

    • Email Address: Email address of the administrator who performed the operation

    • Description: Specific operation that was performed

    The following operations will not be recorded:

    • Operations on the Dashboard

    • Operations on Policy Enforcement, Internet Access, and Virtual Analyzer logs

    • Operations on log favorites

    • Tests of Active Directory service connection under the Direct, Agent, and Azure AD authentication method

    Query audit logs

    1. Select the start and end dates from the From and To drop-down menus.

    2. Type all or part of an administrator email address, or type one or several keywords of the administration operation that you want to search for.


      The search criteria cannot exceed 256 bytes.

    3. Click Query.

    Export audit logs

    1. Query the audit logs that you want to export.


      All audit logs within the specified date range will be exported, regardless of the search box.

    2. Click Export to CSV.


      A maximum of 5,000 audit logs can be exported at a time.